Houston, we have a problem!
So goes the famous NASA misquote (Apollo 13 astronaut Jack Swigert actually said “Houston, we HAD a problem here”). You may recall that the Apollo 13 capsule did limp home after aborting its mission. The “problem” that they had was more like a catastrophe and it was, to most people, absolutely amazing that NASA was able to get the astronauts home safely.
This time the problem is CEOs’ perception of their organizations’ cybersecurity preparedness.
According to a study by the security firm Redseal, 80% of the CEOs responding are very confident of their cybersecurity strategy.
This is in spite of numbers from the accounting firm PricewaterhouseCoopers that say that losses from cyberattacks will jump from $500 BILLION in 2014 to $2 TRILLION in 2018.
Back in 2014, FBI Director James Comey gave 60 Minutes that now-famous quote: “there are two kinds of big companies in the United States – those that have been hacked and those that don’t know that they have been hacked.”
On the other hand, 87% of CEOs said that they need a better way to measure the effectiveness of their cybersecurity spending – while at the same time almost the same percentage, 84%, said that they will increase spending on cybersecurity in 2017.
The research firm IDC said that companies forecast spending over $100 billion in 2020 on cybersecurity software, services and hardware – up 38% from 2016.
There are several positive stats, however.
90% of the CEOs want information on a daily basis about their network’s health – but they need it in terms that they can understand. 79% of the CEOs say that cybersecurity is a strategic function that starts with the executive team and not IT.
The only stat that I am concerned with is that first one. If 80% of the CEOs think their cybersecurity posture is good, then why are we seeing the breach of the week? These breaches are not from small companies – Target, Home Depot, Hilton, Starwood, etc.
I think that CEOs need to come to the realization that their preparation for and ability to respond to cyber attacks is not in good shape and then make it a corporate strategic program to deal with. If companies do not acknowledge the state of their cyber security preparedness then they will never be able to deal with the problems.
Information for this post came from Information Management.