Firms lack responsible exec for cyber security
A lack of cohesion at the top means organisations are struggling to secure most important digital assets, a report reveals.
Responsibility for information security is not falling to any one senior executive function, according to the 2018 Risk:Value report from NTT Security.
The report, based on a poll of 1,800 senior decision makers from non-IT functions in global organisations in 12 countries, shows that at a global level, 22% of respondents believe the CIO is “ultimately responsible” for managing security, compared with 20% for the CEO and 19% for the CISO.
In the UK, fewer respondents point to the CIO (19%) and CISO (18%) while the CEO gets the biggest vote at 21%. The US (27%) and Norway (26%) buck the trend with more than a quarter of respondents suggesting the CEO is responsible, while in Singapore, 33% say it is the role of the CISO, which is highest figure across all countries.
In Switzerland, 10% believe the CFO is responsible for security.
“Responsibility for day-to-day security doesn’t seem to fall on any one particular person’s shoulders among our response base,” said Azeem Aleem, vice-president consulting and UK&I lead, NTT Security.
“This narrow gap between the roles of CIO, CEO and CISO shows that no one executive function is stepping up to the plate,” he said. “It could be a sign of unclear separation between the CIO and CISO though, as often they are the same or collaborate closely.”
On the other hand, Aleem said findings could potentially raise concerns that the CEO is not more involved in security matters, given the potentially damaging affects to the business, but on the other, the findings could bring a sense of relief that CEOs are not managing a specialist task like security over and above other critical corporate responsibilities.
According to the report, although more people see the need for regular boardroom discussions about security, their organisations are failing to raise it sufficiently at the C-suite level. While 80% of all survey respondents agree that preventing a security attack should be a regular boardroom agenda item (up from 73% a year ago) only 61% say that it already is, which represents an increase of just 5% on last year.
The report also suggests this lack of cohesion at the top of the organisation means that many are struggling to secure their most important digital assets. Fewer than half (48%) of respondents globally – 53% in the UK – say they have fully secured all of their critical data. But with the General Data Protection Regulation (GDPR) now fully in effect, this is no longer an opportunity, but mandatory, the report notes.
However, companies are beginning to take control of their data as cloud computing best practices mature, with 27% reporting that the majority of their organisation’s data is currently stored on premise or in datacentres (25%). However, in 12 months’ time, a similar proportion (25% of respondents) say that it will be stored in a cloud environment.
Source computerweekly
Industry: Cyber Security News
Latest Jobs
-
- Network Security Engineer
- Germany
- €550 a day
-
German- based contract opportunity This is an onsite based position, we would need the Network Security engineer to be able to work on the client site 5 days a week Seeking an experienced Network Security Engineer for a leading technology company. Strong expertise in firewall/IPS solutions, proxy solutions, and certificate management is required. Good hands-on experience in networking and web-related technologies necessary. Strong problem-solving skills and the ability to work under pressure are essential. we are looking for a Network Security Engineer with the following experience: · Expertise in Administration, Management & Troubleshooting of Firewall / IPS solutions / Proxy solutions/Certificate Management Solutions · Good Hands-on Experience on security devices (PaloAlto/ /McAfee Proxy/CISCO ISE/Certificate Management) · Good Hands-on Experience in Networking with skills of switching, routing & wireless Technologies · Familiarity with web related technologies (Web applications, Web Services, Service Oriented Architectures) and of network/web related protocol · Configuration of NAT / PAT, firewall policies, profiling, objects, AD-Integration, backup – restore · Knowledge of Subnetting TCP/IP Communication, VLSM Configuration of VLAN VTP · Configuration of Routing Protocols e.g. RIPv1 & v2, OSPF, EIGRP, BGP Knowledge of standard and extended ACL 12 month contract
-
- IAM Consultant
- N/A
- Upto £110,000 depending on level of position
-
Identity Access Management (IAM) Consultant Location: Germany We are seeking an experienced IAM consultants in Germany. we are looking for people from consultant through to Architect, The ideal candidate will have previous IAM deployment experience and be fluent in German. Key responsibilities: Design and implement IAM solutions for clients Provide expertise on industry best practices and standards Troubleshoot and resolve IAM-related issues Work closely with clients to understand their business requirements and provide solutions to meet those needs Qualifications: Previous deployment experience with IAM solutions Fluency in German Strong understanding of IAM technologies and principles Excellent communication and project management skills If you are an experienced IAM consultant with a strong track record of delivering successful projects, please apply today.
-
- ForgeRock Consultant
- Spain
- Upto €85000 plus benefits
-
ForgeRock deployment consultant is needed for this expanding IT Services business within Spain, to act as their ForgeRock technical lead, Responsibilities include: High level and low level design, Scoping the techical needs of the project design, configure, develop and test the forgeRock deployment. We are looking for a strong IAM consultant ideally with ForgeRock experience, Must have strong Oauth 2.0, SAML and API experience
-
- IAM Consultant
- France
- Upto €85000 plus benefits
-
An Identity & Access Management Consultant is needed for an expanding IT Security consultancy, based in France. (Remote role with monthly office meet-ups) The Identity & Access Management Consultant will be responsible for the technical design and implementation of Identity & Access Management/IAM products for a wide variety of clients. Deliver bespoke end-to-end consultancy service to our clients, from gathering requirements through to implementation. Work in a close team designing, developing, and implementing first-class IAM solutions. Manage client relationships, working closely with key stakeholders to continually evaluate business requirements and ensure the highest quality solution delivery. If you are interested we are looking for an individual with Previous experience working within the IAM or CIAM field is essential, Strong knowledge with SAML and Oauth and ideally OpenID Previous experience from any of these technologies: One Identity, SailPoint, Saviynt, Ubisecure, Ping Identity, would be advantageous