UK Boardrooms Falling Short on Cyber Expertise
More than two-thirds (67%) of UK firms believe security concerns are holding back their efforts to grow through digital innovation, with many blaming a lack of engagement at a board level, according to Ernst & Young (EY).
The global consultancy polled 175 C-suite executives at UK-based organizations, split fairly evenly between business (CEO, CFO, COO etc.) and IT (CIO, CISO) roles, in order to compile its report, Cybersecurity for competitive advantages.
While 42% claimed to be behind their competitors in adoption of new technology, cloud computing and IoT topped the list of tech perceived to pose the greatest risk to the business.
Overcoming these concerns may require closer boardroom alignment and ownership of the problem.
Some 57% of business leaders and half (50%) of technology leaders cited a lack of business sponsorship as the biggest barrier to improving their organization’s cybersecurity.
However, strategic views diverged significantly after that. Most tech leaders (58%) said that giving an individual board member overall responsibility for cybersecurity would have the greatest impact, while the majority (64%) of business leaders said the biggest gains would come from making cybersecurity more of a strategic priority.
Yet unfortunately, over half (57%) of those surveyed don’t currently have a board member with direct expertise in cybersecurity and even more (67%) don’t think one is needed.
EY’s EMEIA advisory cybersecurity leader, Mike Maddison, argued that while direct security experience may not be essential, there needs to be better understanding at a board level of cyber-related risk.
“In recent years, the rate and pace of technological advances, regulatory change, cyber-attacks and data breaches have moved cybersecurity rapidly up the corporate agenda,” he added.
“Protection and prevention are still paramount yet, to stay ahead of these evolving trends, organizations need to start thinking differently about cybersecurity. Business leaders need to make the leap from seeing cybersecurity as only a protective measure, to it also being a strategic value driver.”
Two sectors leading by example are tech, media and telecoms (TMT) and retail. TMT respondents had the highest levels of board awareness, the largest planned investments in cybersecurity and the fewest concerns around security as a barrier to tech adoption, while all retail respondents believe a “cyber-secure” brand is important for competitive advantage.