Survey Roundup: Execs Lack Confidence in Cybersecurity Plans

August 21, 2015

Ben DiPietro

Bad Posture: A survey of 100 security executives by Raytheon Cyber Products/Websense found 63% of respondents said their organization had suffered one or two breaches in the past year, while 17% said three to five and 6% said 10 or more. More alarmingly, 13% said they were unaware how may breaches may have occurred. The survey found 65% of respondents said they were “somewhat confident” with their organization’s current security posture, with 31% feeling “very confident.”

The survey found this lack of confidence may stem from the use of quantitative metrics to measure the effectiveness of their security programs. “Although the number of breaches or incidents is certainly not an insignificant metric, it does little to shed light on the real security posture,” the survey’s authors said. “For example, an organization might have 400 breaches one year and 300 the next. It looks like a 25% reduction, and in simple terms it is. But if the organization had even one breach among the 300 that resulted in a loss or compromise of data, then the number of breaches is really an unreliable metric for communicating an organization’s security posture.”

Going Global: A report from compliance-services firm The Network looks at the challenges companies face as they consider whether to create a global code of conduct for all employees.

The Dog Ate My Cyber Response Plan: A survey of 52 executives responsible for global risk management by insurance firm Clements Worldwide found 21% of respondents said their organizations were “not prepared at all” for a cyberattack.

Droning On: A report from insurer Lloyd’s found privacy infringement and the regulatory environment are among the top five risks facing the drone industry, with other risks including cyberattacks and reckless pilots.

Identification Implementation: A report from management-consulting firm Oliver Wyman looks at ways banks can improve their risk identification processes.

To BIC or Not?: A paper from PwC looks at the Obama administration’s proposed fiduciary standard for retirement-account advisers and whether companies should exercise the plan’s best-interest contract exemption.

I Am Whistleblower: A report from compliance-services company The Network finds the average whistleblower isn’t the person most people think it is.

Read Full Article