Uncertainty Is Widespread Across Companies Over Who Takes Lead on Cyber, Says Willis Towers Watson
A majority of executives around the world feel they face a "specialist-generalist" dilemma as to who leads on cyber resiliency, given its critical nature across the company and the recognition that specialization is necessary. This is according to the results of a global survey conducted by
The survey also found that communication within leadership roles regarding cybersecurity risks is inconsistent:
* Only 8% of executives say that their CISO or equivalent performs above average in communicating the financial, workforce, reputational or personal consequences of cyber threats.
* Less than a quarter of executives say that their cyber resilience board briefings are "well above average".
* Under 15% give their CISOs or equivalent a top rating on a scale of one to ten.
"It is no surprise that one of the main challenges companies face when implementing a cyber risk mitigation or resiliency plan is the communication gap between the board and the CISO," says
According to the survey, the specialist-generalist dilemma is not only faced at the board level, as cyber requires specialist knowledge and skills along with enterprise-wide business, workforce and process capabilities. For example, as workforce vulnerabilities contribute to most cyber incidents, two-thirds of companies surveyed believe a partnership between HR and Information Security is key. When asked who takes a lead role in developing employee-related cyber risk policies, 54% said HR leads with Information Security advising and 28% said Information Security leads with HR advising. "These findings are encouraging because they signal that more organizations are involving their HR function in addressing cyber risk. Still, organizations need greater collaboration between their CHROs and their CISOs to truly assess the organizational culture driving cyber risk in the first instance. The solution isn't always more security awareness training. It could be a leadership or incentives and rewards issue, things that fall squarely within the function of the CHRO," Dagostino added.
Some other key findings around leadership responsibilities for cyber include:
* Three out of the four regions surveyed believe that the "board as a whole" should oversee cyber risk, while
* Only 30 percent of executives believe they have enough directors that understand cyber risks and only 23 percent are actively recruiting directors who understand those risks.
* In all regions except the
For more insights on executive leadership on corporate cybersecurity concerns, read our full report: How boards can lead the cyber-resilient organisation.