Boards Increase Investment in Cybersecurity in Face of Threats and Regulatory Fines


Board decisions on cybersecurity spending are slowly improving following the impact of regulatory fines and COVID-19.

According to research by Thycotic surveying 908 senior IT security decision makers working within organizations with more than 500 employees, 58% plan to add more security budget in the next 12 months.

Amid growing cyber threats and rising risks through the COVID crisis, CISOs report that boards are listening and stepping up with increased budget for cybersecurity, with 91% agreeing that their board adequately supports them with investment.

In an email to Infosecurity, Joseph Carson, chief security scientist at Thycotic, said he believed the retro-fixing of security to remote working tools was “a path and direction most organizations have been going down, however it was always a lower priority.”

He claimed COVID-19 has accelerated the investment into both cloud and remote working budgets, and this includes the need for secure remote access and the ability to access from any location. “Having a CISO on the board is helping ensure technology that supports remote working environments are also secure by design,” he said. 

Terence Jackson, CISO for Thycotic, said that while boards are definitely listening and stepping up with increased budget for cybersecurity, they tend to view any investment as a cost rather than adding business value. “However, there is still some way to go,” he continued. “The fact boards mainly approve investments after a security incident or through fear of regulatory penalties for non-compliance shows that cybersecurity investment decisions are more about insurance than about any desire to lead the field which, in the long run, limits the industry’s ability to keep pace with the cyber-criminals.”

The research also showed that 77% of respondents have received boardroom investment for new security projects either in response to a cyber incident in their organization (49%), or through fear of audit failure (28%). 

Asked if the fear of regulatory fines is an effective way to win budgets, Carson said: “It really depends on how the risk of compliance fines are communicated to the board. If it is done in a way that shows the financial exposure, it highlights a real business risk that must be reduced. The CISO needs to be able to speak the same language as the board and compliance exposure is a way that the CISO can effectively show tangible financial risks.”

However, 37% of participants’ proposed investments were turned down because the threat was perceived as low risk, or because the technology had a lack of demonstrable ROI. One-third (33%) believe senior management does not comprehend the scale of threat when making cybersecurity investment decisions.

Asked if this is proof that boards are able to understand cybersecurity if they are able to determine risk levels, Carson said he believed boards are improving at understanding risks; however, this can also be related to the problem that security teams struggle to relate those security investments to business risk or to how they help the business ROI.

“The main area for security improvement is always going to be how to convey business ROI from security investments and all security teams need a business financial risk analyst who can convert security risk into business risk,” he said.


