News last week that a NASA computer stolen in March 2011 contained unencrypted codes used to command and control the International Space Station has put the spotlight, once again, on the issue of cyber security.
Are C-suite execs paying attention?
Unfortunately, new research suggests they’re not.
The advance findings from the latest 2012 Carnegie Mellon CyLab Governance survey of how corporate boards and executives are managing cyber risks reveal that the issue is still not getting adequate attention at the top.
Sponsored by RSA, The Security Division of EMC, the survey results show that even though there are some improvements in key “regular” board governance practices (formation of board Risk Committees and cross-organizational teams within certain organizations), significant areas of concern remain. For instance:
- Oversight is lacking. Boards and senior management are not engaging in key oversight activities, such as setting top-level policies and reviewing privacy and security budgets to help protect against breaches and mitigate financial losses.
- Most boards aren’t taking responsibility. Less than one-third of the respondents indicate their boards and senior executives are undertaking basic responsibilities for cyber governance.
- Lack of personnel is a concern. Nearly half of the respondents indicated that their companies do not have full-time personnel in key privacy and security roles.
- Insurance coverage needs updating. More than half (58 percent) of the respondents said their boards are not reviewing their companies’ insurance coverage for cyber-related risks.
What can you do to help remedy the situation at your company? RSA suggests you: (more…)