The Current Perception of Cyber Risk Among the C-Suite and Board
Mimecast, an advanced email and collaboration security company, has released its “Behind the Screens” report. To learn more about the current perceptions of cyber risk by the C-suite and boards, Mimecast spoke with leaders across the world – including Singapore – and from five sectors – financial services, healthcare, public sector, retail, and entertainment. The qualitative report digs deeper into their efforts to articulate risk and provides recommendations from the respondents on what leadership must do to work protected, even as cyberattacks proliferate.
Highlights from the report include:
Cyber Risk Equals Business Risk
- Many CISOs recognise there is a knowledge gap on their boards, which places CISOs at a disadvantage when they need to prove ROI on cybersecurity initiatives.
- In the face of economic volatility, most companies around the world tighten their belts in every area of business, including marketing, sales, and general technology, which can introduce even greater cyber risk due to shadow IT or outsourcing to untrustworthy third parties.
- Most security leaders believe they need a budget increase of 10% to 20%, and they feel they are likely to get it.
- Hiring and retaining cybersecurity professionals has become exponentially more difficult.
Value and Efficacy Via Layered Cybersecurity Framework
- CISOs are being forced to scrutinise budgets and cybersecurity technology through the well-known “people, technology, and process” lens.
- Many organisations have experienced bloated or disconnected security environments over time, and security vendors must meet the needs of businesses that expect more or better functionality for the same cost.
Phishing Protection is a Team Sport
- Phishing is one of the original cyberthreats, and it persists because attackers can continually adapt their approach. What’s more, automation tools and phishing kits are making it easier for a less skilled cybercriminal to cast a wider net, which can cause greater damage to businesses.
- The C-suite has become attuned to creating a company-wide security culture, more specifically, investing in awareness training in tandem with layered cybersecurity frameworks to minimise the likelihood of a successful attack.
According to Garrett O’Hara, Director, Solutions Engineering APAC, Mimecast, “The modern work surface has led to a high volume of increasingly sophisticated attacks on organisations across Asia Pacific. Budgets are tight and there are continued skills challenges, yet the opportunity for CISOs to protect their organisations has never been better. We need to keep the link between cyber risk and business risk front of mind when speaking to the board. It’s also important to avoid the trap of a monolithic security provider by implementing layered, best-of-breed cybersecurity tools; and to secure against age-old threats like phishing with email protection and awareness training for employees.”
Download the full report – Behind the SCREENS: The Board’s Evolving Perceptions of Cyber Risk to learn more from the C-level respondents about the connection between cyber risk and business risk, and recommendations to strengthen security postures via layered cybersecurity frameworks.