CISOs in Africa stuck in 'vicious cycle of risk'
CISOs in Africa are finding themselves toothless when it comes to fighting cyber crime, as they lack influence in the boardroom and battle to justify the appropriate budgets. This makes their organisations more vulnerable.
This was revealed in a new report from Kaspersky Lab, which found 83% of CISOs in Africa now believe cyber security breaches to be a matter of 'when' and not 'if', with financially motivated groups being the major concern.
The report also found the rise in cyber threats, together with the digital transformation initiatives many organisations are embarking on, makes the role of the CISO increasingly crucial in modern business.
"There is now more pressure on global CISOs than ever before. Some 57% consider complex infrastructures involving cloud and mobility to be a top challenge, and 50% are worried about the continuing increase in cyber attacks."
Globally, CISOs believe financially motivated criminal gangs (40%) and malicious insider attacks (29%) are the greatest risks to their businesses. They also consider these types of threat as the most difficult to prevent, because they are carried out by professional criminals and employees who are trusted and have legitimate credentials, respectively.
Although budgets allocated to cyber security are reported to be growing, with 68% of CISOs in Africa expecting their budgets to increase in the future, CISOs still say they are up against major budgetary challenges, because it's almost impossible for them to offer clear return on investment, or 100% protection from cyber attacks.
For example, over a third (36%) of CISOs around the world say they cannot secure their required IT security budgets because they cannot guarantee there will not be a breach.
Moreover, too often security budgets are viewed by a business as part of the overall IT spend, and CISOs find themselves competing for budget against other departments. One-third of CISOs claimed the budget they could be allocated is prioritised for digital, cloud or other IT projects instead, which may be able to demonstrate a clearer return.
Any successful breach could have catastrophic consequences for the organisation, and more than a third (35%) of respondents identified reputational damage as the most critical consequence of an attack in Middle East and Africa.
"Despite the negative impact of a cyber attack, only 26% of the global IT security leaders surveyed are members of the board at their respective businesses. Of those who aren't a board member, one-in-four (25%) believe they should be," the study reveals.
To find out more and read the full report, click here.