Dark Reading's latest community poll shows a stunning lack of confidence in chief execs' commitment to cyber security.
Former Target chief executive Greg Steinhafel would be in good company today if the Dark Reading community had a say in his job performance on cyber security risk management.
Steinhafel, as I'm sure you recall, famously resigned from the retailers' top job this past May, following a data breach of 40 million hacked credit and debit card accounts compromising the names, phone numbers, email and mailing addresses from as many as 70 million customers.
In the Dark Reading community, according to the results of our latest poll, members likewise show a stunning lack of confidence in their chief executives' ability to marshal the talent, financial resources, skills and training to defend their companies from a similar attack. Only 16% of roughly 750 respondents gave CEOs an "A" for making cyber risk management a top priority. On the bottom end of the grade scale, 19% blasted execs for an "epic fail" that left company data an open target for hackers and criminals.
If there is any good news in the community report card, it's that for more than a quarter of respondents, their executive leadership is moving in the right direction, albeit with one significant qualification: "We lack critical tools."
More damning is the indictment from the 40% who say companies are either "barely meeting minimum compliance standards" or "flying blind" with security teams who lack the latest technology and training.
In Target's case, what happened to Steinhafel -- a 35-year company veteran -- should serve as a cautionary tale to other corner office execs that in today's complex and rapidly evolving threat landscape, security needs to be viewed as an investment not a cost.
Or, as PaloJoel observed in a comment on Why Security & Profitability Go Hand-In-Hand, "The real question business leaders should be asking security practioners is [how can I] make my security a competitve advantage versus how do I get you to stop draining my pockets. Bottomline: if I am robbed less, protect myself better, do it more easily, and spend less doing it than the other guy I am going to grow faster and be more profitable."
What advice would you give to your CEO about how to beef up the company's risk management GPA and turn infosec into a business benefit? Let ‘s chat about that in the comments.
About the Author(s)
You May Also Like
Guarding the Cloud: Top 5 Cloud Security Hacks and How You Can Avoid Them
April 4, 2024Cybersecurity Strategies for Small and Med Sized Businesses
April 11, 2024Defending Against Today's Threat Landscape with MDR
April 18, 2024Securing Code in the Age of AI
April 24, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024Black Hat Asia - April 16-19 - Learn More
April 16, 2024