It is now more critical than ever for businesses to adopt information security policies and technologies to protect themselves and their customers from compromise. But, for this to happen, much of the responsibility must fall to the board level.
Worryingly though, only 56% of decision makers report that preventing a security attack is a regular item on the board agenda. This is according to our 2017 Risk:Value Report, which also revealed that businesses are facing an unprecedented set of information security risks.
What’s clear is that more needs to be done to get cybersecurity taken seriously at a boardroom level. The question is – are your senior level management doing enough?
At NTT Security, we advise businesses take the following steps to heighten awareness of information security at boardroom level:
Invest in security – recognising that investment has a role to play is a good first step as it makes people feel protected.
Drive a culture of security – a more holistic approach is required which must begin at the top with boardroom support. A lack of visibility at the board level will only trickle down into the rest of the organisation.
Improve communication and awareness – a security policy is no use if it’s kept hidden away and never shared. It should instead be an evolving document that is regularly reviewed, updated and understood by those staff who are tasked with managing potential security situations on a daily basis.
Implement an incident response plan – a company hit by a security breach should be able to recover quickly, but resilience comes down to how well a company has planned for an incident. A necessary component of a company’s cybersecurity preparedness program is an incident response plan. Communication comes into play again as a response plan will only be effective if they are read and understood.
While businesses are making strides forward in cybersecurity, there is still room for improvement along with an acute need to raise the topic to being a board-level issue.
Senior management must drive a culture of security from the top down and, with the serious regulatory repercussions that lie ahead with the General Data Protection Regulation, there is no better time to start than now.
Read the full article on how the c-suite holds the key to security attack prevention here.