Execs lack cyber risk management understanding


RSA, the security division of EMC, reveals in Carnegie Mellon CyLab's 2012 Governance Report that there is a gap in board-level understanding of enterprise cyber risk management, The Sacramento Bee reports.

The report claims that all sectors are not undertaking critical governance activities such as reviewing cyber insurance coverage, assigning key privacy and security responsibilities, and receiving regular reports on cyber risks and incidents.

More than half (57%) of surveyed respondents are neither analysing their cyber insurance coverage nor undertaking key activities related to cyber risk management to help them manage risks associated with the theft of data, 4-traders states.

Respondents from critical-infrastructure sectors, such as the energy, utilities and telecoms sectors, indicate that close to 80% of their boards of directors do not review insurance for cyber-related risks.

Tom Heiser, RSA president, calls for senior executives and board directors to boost their involvement in cyber risk management, Virtual Strategy Magazine says.

Heiser notes: “The increasing criticality of digital resources and the more complex threat landscapes mean senior executives and boards must get better at marrying security functions with corporate operations.

“Boards are asking questions about risk and IT security; now there needs to be a closed loop system with management for risk policies to assure a trusted IT environment throughout their enterprise.”
