The majority of IT professionals believe that the heads of their companies do not know enough about cyber security, a new report has shown.
CyberArk’s latest report, ‘The Gap Between Executive Awareness and Enterprise Security’, surveyed 304 IT security professionals across the globe about the knowledge of – and response to – cyber security within their firms.
The majority – 61 per cent – of those surveyed reported that their CEOs were not fully versed in cyber security, with 69 per cent believing that it was ‘too technical’ for them.
The report also found that 53 per cent of those questioned thought that their CEOs made business decisions without considering the security impacts of doing so, while 44 per cent said that their leaders did not fully understand how serious today’s cyber security risks could be.
Chief marketing officer of CyberArk, John Worrall, said: “Increasingly it’s CEOs who own the security agenda – whether they want to or not.
“By providing greater visibility into how cyber security programs are performing, and regularly communicating needs around budget and skills, IT security professionals will gain the support of the executive team and in turn help their organisation become more proactive in protecting against advanced threats.”
The report also revealed that one-third of CEOs are not briefed about cyber security issues on a regular basis, nor on the related business risks, while 43 per cent of management teams were not given security status reports.
The report warned that compliance does not equal security; it said that security professionals need to arm their CEOs with information that matters, such as threat detection and risk metrics, versus compliance and system availability.