June 4, 2014 by Canadian Underwriter
An information security research firm is warning of a “disconnect” among corporate board members “regarding the perceived value of confidential data,” while 56% of Canadian respondents to a survey said cyber threats “sometimes fall through the cracks” of existing security measures at their firms.
Ponemon Institute LLC recently released Exposing the Cybersecurity Cracks: A Global Perspective, which was based on a survey last year of 4,881 information technology security practitioners in Canada and 14 other countries.
Traverse City, Mich.-based Ponemon Institute conducts research on privacy, data protection and information security policy.
In the survey, when presented with the statement “cybersecurity threats sometimes fall through the cracks of existing security systems,” 56% of Canadian respondents either strongly agreed or agreed. Worldwide, 69% of respondents either agreed or strongly agreed.
When asked “what best describes the level of knowledge and concern about cyber security among the board members” of their companies, 19% reported their directors had no knowledge or concern while 29% reported their board members’ knowledge as poor. Nearly one in three said their directors had “some” knowledge or concern, while only 13% described it as “good” and 5% described it as “substantial.”
The rating wasn’t much better for the non-IT executives at those firms. When asked what “best describes the level of knowledge among non-IT executives about your company’s cyber security defenses,” 5% of respondents described it as “substantial,” 16% said it was good, 34% said there was “some” knowledge, 35% said it was poor and 11% said there was none.
When presented with the statement, “My company’s leaders equate losing confidential data with a potential loss of revenue,” 20% of respondents worldwide said they agree or strongly agree.
“There is a disconnect regarding the perceived value of confidential data,” Ponemon Institute stated in the report. “Eighty percent of respondents say their company’s leaders do not equate losing confidential data with a potential loss of revenue, despite Ponemon Institute research indicating the average cost of an organizational data breach is $5.4 million.”
The report was sponsored by Websense Inc., a San Diego, Calif.-based computer security vendor.
When asked whether their company experienced one or more substantial cyber attacks during the past 12 months, 44% of respondents said yes.
The survey responses were captured in November, 2013. The sampling frame was 160,543 and 5,244 surveys were returned. Of those, 363 were screened and rejected, leaving 4,881 final responses.
In the screening questions, respondents were asked whether they were familiar or “very familiar” with cyber threats facing their companies, and how they were involved in cyber threat intelligence activities. Of the final respondents, 52% were “familiar” and 48% were “very familiar” with cyber threats facing their firms. All final respondents were either users of cyber threat intelligence (73%) gatherers of cyber threat intelligence (49%), analyzers of cyber threat intelligence (45%) or executives or managers in charge of threat intelligence activities (35%).
In addition to Canada, responses were received from Australia, Brazil, China, France, Germany, Hong Kong, India, Italy, Mexico, the Netherlands, Singapore, Sweden, the United Kingdom and the United States.