When tackling cyber risk, board involvement and effective communication continue to drive performance. Learn more in this report on the key findings from Protiviti’s 2017 Security and Privacy Study.
Global cybersecurity risk has never been higher, yet its magnitude is almost certain to intensify in the months and years to come. Cybercriminal activity against global companies surged in the past year, and there are growing signs—including expert analysis—suggesting that a form of global cyberwar has commenced.
Although these attacks vary in their intent, businesses remain in the crosshairs of these incursions. In addition to being something for which a company requires strong defenses, information security also needs to be planned for as organizations consider and deploy new approaches to generate revenue. Such conditions make cybersecurity a critical organizational priority and a top concern in the boardroom, C-suite, information technology function, and every area of the business.
It is imperative that boards and executive leadership keep close tabs on the state of their company’s cybersecurity programs. Protiviti’s latest Security and Privacy Survey delivers insights on the specific policies and qualities that distinguish top-performing companies from other organizations with regard to security and privacy practices. Our survey also identifies prime opportunities companies can leverage to strengthen their security capabilities.
As we detail in this report, our survey results show cause for optimism, but there are concerns as well. Positive signs are particularly evident in companies where 1) the board of directors is highly engaged in information security matters; and 2) management has in place a robust set of key information security policies. Key findings include:
- Having an engaged board and a comprehensive set of security policies make a huge difference.
- Most organizations need to enhance their data classification and management.
- Security effectiveness hinges on policies as well as people.
- Vendor risk management must mature.