Overconfident execs pave way for cyberattacks: report
Intel Security and CSIS discovered organisations recognise the seriousness of the cybersecurity problems and are willing to address them
Intel Security and Center for Strategic and International Studies (CSIS) have jointly released a global report highlighting ways in which organisations can learn from cybercriminals to correct security misalignments.
The report, ‘Tilting the Playing Field: How Misaligned Incentives Work Against Cybersecurity’, revealed three categories of misaligned incentives: corporate structures versus the free flow of criminal enterprises; strategy versus implementation; and senior executives versus those in implementation roles.
Out of the 800 cybersecurity professionals from five industry sectors interviewed, 90% of organisations report having a cybersecurity strategy, but only half have implemented it. Furthermore, 83% have been affected by cybersecurity breaches.
The research shows that executives are much more confident than operational staff about the effectiveness of the existing incentives, as 42% of cybersecurity implementers report that no incentives exist, compared to only 18% of decision-makers and 8% of leaders.
Candace Worley, vice president of enterprise solutions for Intel Security, said: "The cybercriminal market is primed for success by its very structure, which rapidly rewards innovation and promotes sharing of the best tools. For IT and cyber professionals in government and business to compete with attackers, they need to be as nimble and agile as the criminals they seek to apprehend, and provide incentives that IT staff value."
"It's easy to come up with a strategy, but execution is tough. How governments and companies address their misaligned incentives will dictate the effectiveness of their cybersecurity programs. It's not a matter of ‘what’ needs to be done, but rather determining ‘why’ it's not getting done, and ‘how’ to do it better," added Denise Zheng, director and senior fellow, technology policy program at CSIS.
Despite this, the report highlighted that organisations recognise the seriousness of the cybersecurity problems and are willing to address them.