UK CEOs are increasingly viewing investment in cyber security as an opportunity to garner more revenue rather than as an overhead cost.
CEOs are also putting cyber security on their own agendas instead of leaving responsibility for it to CIOs and CISOs.
A couple of months ago, while talking about the real barriers to patching cyber security, Raef Meeuwisse, author of Cybersecurity for Beginners and External Relations Director at ISACA London Chapter, bemoaned that board members at businesses and other organisations continue to view cyber security as an IT problem and that they do not seem to understand how a breach can bring down an entire organisation's networks.
'As we saw with the British Airways issue, when technology goes down, your whole business goes down. So technology isn’t something peripheral any more - it is absolutely vital. However, organisations still tend to think of technology as something that needs to be put in the corner and they forget how critical it all is until they are hit by an outage and their whole network goes down,' he told TEISS.
Fortunately, things are beginning to change. A survey of 150 UK CEOs by KPMG has revealed that a majority of CEOs now view investment in cyber security as a revenue opportunity rather than an overhead cost. At the same time, more and more CEOs have started taking personal responsibility for cyber security rather than entrusting it to CIOs and CISOs.
According to the survey, 70 per cent of leaders view investment in cyber security as a revenue opportunity and 77 per cent of them are comfortable with the degree to which mitigating cyber risk is now part of their leadership roles.
While this is a promising start and will certainly satisfy many cyber security experts, the level of preparedness of CEOs and board members to fight breaches due to human error or data theft remains a major concern. The survey reveals that only 52 per cent of CEOs feel 'fully prepared' to protect their organisations in both cases.
“It’s great that business leaders are finally seeing cyber security investment as a positive figure on the balance sheet rather than a negative one. However, more needs to be done to make sure their businesses are prepared in the event of a cyberattack, whether it’s from external sources or even insiders,” says Paul Taylor, UK head of cyber security at KPMG.
“With recent high-profile attacks like WannaCry hitting the press, cyber security should be on every CEO’s radar. Businesses now need to match their investment in innovative technology with their investment into cyber security, in order to stay one step ahead of cyber criminals,” he adds.
CEOs will also have to take a step-by-step approach towards cloud adoption, considering the long-term security risks associated with cloud technologies. A recent survey of 500 senior executives in the UK by software firm Advanced revealed that 80 per cent of them would prefer cloud adoption in the wake of global cyber-attacks like WannaCry, even though 82 per cent of them believe that cloud providers need to do more to build confidence among client businesses and customers.
“Technologies like cloud now underpin much of the UK business infrastructure and there is a clear intent from companies to keep up with the pace of change. But with great digital opportunities comes an element of risk – companies must ensure cyber security is a boardroom priority and work closely with suppliers and customers to remain cyber resilient,” said Tom Thackray, Director of Innovation at CBI.