Companies move forward in their battle against cyber threats
Two UMass Dartmouth faculty recently conducted a nationwide study to examine the state of cyber risk in companies from a management perspective. Specifically, 550 management team members, across a variety of industries and company sizes, were asked about cybersecurity today, the level of risk to their companies, and what their organizations are doing to mitigate the risk.
The study was done by Associate Professor Timothy Shea (Management Information Systems) and Peter Karlson, a Charlton College of Business (CCB) Entrepreneurship Lecturer, Founder of NeuEon Inc., and CCB Advisory Board member. The study was co-sponsored by technology advisory firm, NeuEon, and the Charlton College of Business.
In a world under constant threat of cyberattack, 100% of the companies replied they have definitely or likely experienced a breach or other serious cybersecurity event in the last two years. Seventy-eight percent of the companies surveyed conducted a comprehensive cyber risk assessment or audit in the past two years. Of those companies, 72% made significant changes. Companies that consider themselves to have a great deal of cyber risk have been pleasantly surprised at their progress in their most recent assessment or audit.
Organizations have responded aggressively through a full-time Chief Information Security Officer (CISO) (84% of the companies), a cyber risk security team (86%), and increasingly engaged management. Eighty percent said cybersecurity or cyber risk topics arise in management meetings weekly or monthly. For CFO’s, the frequency increases to 83%. Finally, for 49% of the companies, the CEO is responsible for coordinating the response to significant cyber events.
"One hundred percent of the companies surveyed nationwide said they have definitely or likely experienced a serious cybersecurity event in the past two years … 100 percent!" said Associate Professor Timothy Shea. "The good news is that companies are responding aggressively to this challenge."
Shea and Karlson add that the study shows that while companies still face significant cyber risk, their management teams are now hyper-aware and leading the response and mitigation efforts.