CEOs still not persuaded to boost investment in cybersecurity

Employees are an optimal entry point for attackers seeking a way in to a company’s weak infrastructure.  Cybersecurity and insider threats are two of the highest concerns confessed by CIOs and CISOs. Therefore, user negligence with company networks and devices is the main agent for cyber breaches and data leaks, especially when social engineering techniques are deployed.

As employees usually get instant access to their company’s sensitive data, a serious challenge for senior IT executives is to hire people with skills needed to handle breaches or with some training on online behavior. Insider attacks are not limited to employees who randomly click on phishing links hoping to win that great vacation; they often includes staff that may willingly leak confidential data to competitors.

In spite of warnings and past breaches, enterprises still lack a proper culture for cybersecurity. Such a culture needs to be fully embraced by organizations, while business strategies and products must be created with it in mind from the get-go. This is where CIOs can rethink policies and update them based on current security challenges.  

Classic protection agents are no longer enough. Regardless of company size, the role CIOs play across industries is critical because of the growth of the BYOD trend, the massive increase of cyberattacks and malware infections in the IoT sector.

“The rising pressure of cyber breaches and Blitzkrieg Attacks has prompted CEOs to consider CIOs as one of the most important C-level managers, joining COOs and CFOs in decision-making strategies, and bringing security to board-level thinking,” says a Bitdefender survey on US executives.

Finding the best means to mitigate threats, risk assessment and infrastructure security are what keeps them up at night, as well as investment in research and development and return on investment metrics for IT initiatives, found a Korn/Ferry survey after interviewing 131 IT executives in 2016.

Due to IT budget cuts, CIOs face steep mitigation costs, apart from the negative publicity affecting the company’s reputation. Validating the efficiency of IT initiatives through return on investment metrics is a concern for 5 percent of respondents, while 21 percent worry more about insufficient funding to drive change.

Sooner or later, all enterprises have to deal with some sort of attack or breach -- it’s no longer a matter of “if,” but a matter of “when.” Surprisingly, most CIOs feel they still have a long way to go in persuading CEOs to increase investment in IT security research and development, although they are aware of the risks involved. IT decision makers believe budgets should increase by 34 percent, because with current resources only 64 percent of attacks can be detected or prevented, Bitdefender found.

“Because of their rapidly expanding, central business role, and their crucial link to both operations and strategy, today’s CIO must be a strong leader who can work with leaders in virtually all aspects of the business,” said Craig Stephenson, Korn/Ferry managing director, North America CIO Practice.