Over a third of IT leaders not revealing cyber-attacks to senior leadership
CEOs expected to be held accountable for cyber-attacks damages, yet kept in the dark over significant data breaches
More than a half (58 per cent) of IT Decision Makers (ITDMs) and office workers (54 per cent) in the UAE believe the CEO should be held accountable for a significant data breach. However, over a third (36 per cent) of ITDMs admitted to not actually disclosing a significant data breach to senior management.
These are the findings from a recent study by VMware and specialist market research agency Vanson Bourne.
This lack of full disclosure indicates that those held accountable for the business do not have the full picture when it comes to the risk posed by breaches. This is also reinforced by additional research sponsored by VMware and conducted by the Economist Intelligence Unit earlier this year, which revealed that, just eight per cent of EMEA corporate leaders consider cyber security a priority for their business. As cyber-attacks intensify and become more damaging for organisations, including a loss of intellectual property, competitive positioning, and customer data, the potential impact of this disconnect to performance and brand is significant.
Vulnerabilities call for a new approach to security
Businesses are coming under increasing threat from serious cyber-attacks, with around two thirds (64 per cent) expecting to be hit in the next 90 days. With the complexities of an increasingly digital business world, current security methods may not be keeping pace. In fact, almost a quarter (23 per cent) of ITDMs in the UAE believe one of the greatest vulnerabilities to their organisation to a cyber-attack is threats moving faster than their defences.
“The disconnect between business leaders and IT decision makers is symptomatic of the underlying challenge faced as organisations seek to push boundaries, transform and differentiate, as well as secure the business against ever-changing threats”, commented Rasheed Al Omari, Business Solutions Strategist, MENA, VMware. “Today’s most successful organisations can move and respond at speed as well as safeguard their brand and customer trust. With applications and user data on more devices in more locations than ever before, these companies have moved beyond the traditional IT security approach which may not protect the digital businesses of today.”
People and processes are as much about the problem as technology
Some of the greatest vulnerabilities to an organisation’s security stem from within the organisation, with employees who are careless or untrained in cyber security the greatest security challenge their business faces (cited by 40 per cent of ITDMs in the UAE). Today’s research also reveals the steps employees are willing to take to increase productivity, with over a third (39 per cent) using their personal device to access corporate data and almost two thirds (37 per cent) would risk being in breach of the organisation’s security to carry out their job effectively.
“Security is not just about technology. As the research shows, the decisions and behaviours of people will impact the integrity of a business,” comments Joe Baguley, CTO, VMware EMEA. “However, this can’t be about lock-down or creating a culture of fear. Smart organisations are enabling, not restricting, their employees – allowing them to thrive, adapt processes and transform operations to succeed.
“Forward thinking organisations understand that the reactive security of today is no longer doing its job of protecting applications and data,” concluded Baguley. “By taking a software-defined approach to IT that ensures security is architecture in to everything, these businesses have gained the flexibility required to both secure and succeed as a digital business.”