With 2016 wrapping up as one of the worst years for cyber attacks, it would be hard not to notice the widespread damage cyber criminals have had on companies, institutions, government entities and, of course, billions of individuals.
Some headlines this year even revealed data breaches that occurred years ago, as with LinkedIn and Yahoo! And the breach that impacted the Democratic National Committee also was an international event that caught plenty of attention globally.
Yet, corporate executives appear to be lagging behind other employees in understanding the implications that a cyberattack can have on their companies, according to a recent report by the research firm Gartner.
Boards of directors, in particular, aren’t taking the initiative to address, fund, and implement plans to defend their companies against cyber attacks.
"Some organizations do a better job than others, but those efforts are almost always led by CIOs, CISOs or business line managers and not by corporate boards, CEOs and executive management throughout government and the private sector," said Avivah Litan, an analyst for Gartner, in an article for ComputerWorld.com.
He noted that this was the case although it’s evident that cybercriminals have successfully launched attacks against companies, institutions, and government agencies of all sizes and in a wide range of industries.
A study backs those findings. According to the National Association of Corporate Directors (NACD), of the 600-plus corporate board directors and professionals responding to a survey, only 19 percent indicated that their boards had a high level of understanding of cybersecurity risks. That’s only slightly better than the 11 percent who responded that boards understood cybersecurity risks the previous year.
The survey also indicated that nearly 60 percent of respondents noted that it was challenging to oversee risks related to cybersecurity.