There is an urgent need for boards to become better educated about cyber security in order to propagate an appropriate attitude to infosec to CEOs and, from them down, an appropriate culture throughout an organisation.
A recent survey conducted by McAfee found CEOs to be the C-suite executives least concerned about cyber risk — despite being identified by 67 per cent of respondents as the executives that should be held accountable for cyber risk.
McAfee attributed this to “a lack of KPIs and/or incentives related to cyber security, organisational culture and because of business strategy and direction.”
Ian Yip, Asia Pacific CTO with McAfee, told Computerworld: “The main thing that stood out from the survey was that we asked CIOs and CISOs, ‘Who do you think should be accountable for cyber security?’ and ‘Who do you think cares least for cyber security?’ and we got the same answer.
“Forty-five per cent said CEOs should be responsible and 45 per cent said CEOs care least. So there is a misalignment of expectations there. CIOs and CISOs are saying ‘CIOs really don’t care but somehow I…
