CEOs are unaware of the data breaches in their organisation, according to new research by IT company Unisys, which found only 6 per cent of CEOs say their business was impacted in the last 12 months, compared to 63 per cent of chief information security officers (CISOs).
The study, Cyber security standoff – Australia, noted there is a disconnect between CEOs and CISOs. It highlighted that the CEOs’ confidence in their organisation’s ability to detect and manage cyber concerns far outweighs the CISOs’.
Unisys interviewed 88 CEOs and 54 CISOs, predominantly from Australia’s small-to-medium enterprise sector that are a part of physical and digital supply chains.
From the research, 69 per cent of CISOs believe that cybersecurity is viewed as part of the organisation’s business plans and objectives, compared with 27 per cent of CEOs.
The study showed 44 per cent of CEOs believe their organisations can respond to cyber threats in real time, whereas just 26 per cent of CISOs agree. More than half (51 per cent) of CEOs believe their organisations’ data collection policies are clear to consumers or citizens, yet only 26 per cent of CISOs agree.
Gergana Kiryakova, industry director cyber security for Unisys, Australia and New Zealand, said, “The reality is that data breaches are inevitable. Organisations must take a proactive approach to securely manage their data and identify and isolate threats before they impact business continuity, partners, customers or citizens.
“If business leaders don’t incorporate cybersecurity into their overall risk framework, they can’t respond effectively to threats across the supply chain ecosystem, or capitalise on emerging opportunities in the data economy.”
One third of CEOs believe cyber security is an IT issue or a compliance issue. The research also highlighted the top three concerns Australians have when it comes to data security, which were identity theft, bankcard fraud and hacking or viruses.
Kiryakova said, “Lack of communication is a fundamental cause of this type of disconnect between the CEO and CISO. Not every pair of CEO and CISO know how to, or even like to, talk to each other – they don’t share the same language and might define what constitutes a breach very differently.
“And to some degree there is a fear factor: where some CISOs believe if they disclose every issue they run into, they will lose their jobs. Effective communication and shared definitions are needed to drive a mindset change where security risk management becomes part of the business plan.”
Peter Altabef, Chairman and CEO of Unisys, explained the challenge of securing the supply chain in today’s hyper-connected world, saying no single government entity, company or industry group is individually capable of designing or maintaining an assuredly safe internet environment.
“The effort must be the result of a coordinated approach where stakeholders have a shared understanding of their respective roles and responsibilities and take actions that promote integration of complementary ecosystem capabilities.”