IT calling for CEOs to be held accountable for data breaches
- New research from VMware finds over a quarter (29 percent) of UK IT decision makers state the CEO should be accountable for a data breach
- Yet, only five per cent of UK corporate leaders consider cyber security a priority to the detriment of driving a corporate initiative to rethink IT security
- While a quarter (24 percent) of businesses expect a serious cyber attack to hit their organisation in the next 90 days
VMware, Inc. (NYSE: VMW), a global leader in cloud infrastructure and business mobility, announces new findings from specialist market research agency Vanson Bourne that shows over a quarter of IT Decision Makers and office workers (29 per cent for both groups) in the UK believe the CEO should be held accountable for a significant data breach. When asked who should be most aware of the necessary actions to take following a significant data breach, 38 per cent of office workers and 22 per cent of ITDMs said the board, whilst over half (53 per cent) of office workers and 40 per cent of ITDMs believe it should be the CEO.
Serious cyber attacks are now a reality of doing business for many large organisations, with a quarter (24 per cent) expecting to be hit in the next 90 days. The research suggests the fall-out from these cyber attacks no longer lies solely in the remit of the IT team but is becoming part of a wider business discussion. However, additional research sponsored by VMware and conducted by the Economist Intelligence Unit earlier this year revealed that just five per cent of UK corporate leaders consider cyber security a priority for their business. As cyber attacks intensify and become more damaging for organisations, including the potential loss of intellectual property, competitive positioning, and customer data, organisations say they need to see more ownership and support from the C-suite and the board.
Vulnerabilities call for a new approach to security
With the complexities of an increasingly digital business world, current security methods are not keeping pace with attacks. In fact, more than one in three (39 per cent) of ITDMs in the UK believe one of the greatest vulnerabilities to their organisation to a cyber attack is threats moving faster than their defences.
Joe Baguley, CTO, VMware, EMEA commented:
“The issue around accountability is symptomatic of the underlying challenge faced as organisations seek to push boundaries, transform and differentiate, as well as secure the business against ever-changing threats. Today’s most successful organisations can move and respond at speed as well as safeguard their brand and customer trust. With applications and user data on more devices in more locations than ever before, these companies have moved beyond the traditional IT security approach which may not protect the digital businesses of today.”
People and processes are as much about the problem as technology, organizations say
Some of the greatest vulnerabilities to an organisation’s security stem from within, with employees who are careless or untrained in cyber security considered the greatest security challenge (cited by over half – 55 per cent – of ITDMs in the UK). Today’s research also reveals the steps employees are willing to take to increase productivity. Over a quarter (26 per cent) use their personal device to access corporate data and almost a fifth (16 per cent) would risk being in breach of the organisation’s security to carry out their job effectively.
Joe Baguley continued:
“Security is not just about technology. As the research shows, the decisions and behaviours of people will impact the integrity of a business. However, this can’t be about lock-down or creating a culture of fear. Smart organisations are enabling, not restricting, their employees – allowing them to thrive, adapt processes and transform operations to succeed.
“Forward thinking organisations understand that the reactive security of today is no longer doing its job of protecting applications and data. By taking a software-defined approach to IT that ensures security is architectured-in to everything, these businesses have gained the flexibility required to both secure and succeed as a digital business.”