Cyber-security is the number one technology issue in the C-suite and Board Room. No wonder that many senior executives are asking what they can be doing to stem the tide of cyber-attacks on their firms.
[2024]Digital Global Overview Report 2024 Meltwater.pdf
The C-suite, the Board and Cyber-defense
1. SPONSORED BY
HOW A PROACTIVE C-SUITE CAN REDUCE CYBER-RISK FOR THE ENTERPRISE
EXECUTIVE SUMMARY | PAGE 1
Why is the C-suite/board so critical? Because defence is no
longer an “IT project” – it is a multi-point strategy that
requires the authority of the C-suite/board to make it work.
This is not the passive, ‘firewall perimeter’ defence. Instead,
a proactive strategy that mobilises the workforce, engages
customers and suppliers, and anticipates potential threats.
1Top priority of the C-suite/board in successful companies
Firms with higher growth in cyber-attacks (+21.1%)
Firms with lower growth in cyber-attacks (+9.8%)
Increase in attacks over past two years
Comparative engagement of the board
Cyber-attacks are becoming a threat to the health—if not the
survival—of the enterprise. What can C-suite executives and
board members do to protect their firm?
Research conducted by The Economist Intelligence Unit (EIU), sponsored by Oracle, shows that certain firms
are able to consistently demonstrate success in reducing breaches across all major forms of cyber-attack.
2Adopt a proactive data defence strategy Provide C-suite/board support of the strategy
What are steps the C-suite/board can take to reduce the firm's vulnerabilty?
42%
17%
18%
9% 10%
6%
39%
24%
30%
2%
6%
4%
18%18%
23%
6%
Hacking Ransomware Public
disclosure
Malware Corporate
espionage
Government
espionage
Customer
data
Financial
theft
Average growth
over two years
53%
Average reduction of
in the rate of growth of
major cyber-attacks
Supporting a proactive security strategy
Building security culture
Security programme oversight
Recruit security personnel
Ensure financial support
Balance security with productivity
Collaborate with external entities
Support security across silos
Security crisis management
C-suite/board
feels it gets
sufficient
information
32%
11%
17%
22%
46%
13%
45%
21%
33%
14%
27%
9%
9%
8%
6%
4%
4%
Standing board
committee on
data security
Security factored
into board
strategic
decisions
C-suite/board
has necessary
expertise in
data security
21.1%
Unsuccessful companies
9.8%
Successful companies
THE C-SUITE, THE BOARD
AND CYBER-DEFENCE
2. What are steps the C-suite/board can take to reduce the firm's vulnerabilty?
SPONSORED BY
HOW A PROACTIVE C-SUITE CAN REDUCE CYBER-RISK FOR THE ENTERPRISE
EXECUTIVE SUMMARY | PAGE 2
All companies face the global shortage of qualified
security personnel. The successful companies are those
that meet the challenge by training up their existing
personnel and building their expertise in-house.
Companies with lower breach rates have
centralised their security, allowing common
standards, controlled detection and concentration
of expertise. It can also lower costs.
5Firms with centralised/hybrid management of data security Comparative employee involvement
6Centralise management of security operations Grow your own people as security experts
Employees are the largest source of breaches.
Engaging them—through training, communication
and incentives—is a priority. It takes the C-suite
and the board of directors to make this happen.
Successful firms are almost twice as likely to have been
successful in breaking down organisational barriers to
security. This allows them to build a common security
standard and promote it across the organisation.
3Level of success in
breaking down silos*
*% of respondents who said they were successful + very successful breaking down silos.
Comparative employee involvement
4Break down the silos and
build common standards
Get the workforce engaged
Our employees
support our security
programmes
Our employees
comply with our
security policies
Our employees
receive sufficient
security training
72%
54%23%
Less successful firms
More successful
Less successful firms More successful firms
We can train and
repurpose our existing
personnel in security
More successful firms
61%
81%
54%
73%
42%
62%
28%
51%
36%Less successful
THE C-SUITE, THE BOARD
AND CYBER-DEFENCE
Firms with higher growth in cyber-attacks (+21.1%)
Firms with lower growth in cyber-attacks (+9.8%)
3. They have confidence in
their current capacity to
fight cyber-crime.
They rate themselves highly
against their peers.
They have much higher levels of
confidence in their future ability to
meet the challenge of cyber-attacks.
Conducting independent
security audits
Providing early
warning/alerts
Conducting independent
probes and tests
What are steps the C-suite/board can take to reduce the firm's vulnerabilty?
Companies that execute this strategy with the backing of the
C-suite/board are also more confident in their current security
situation and in their future defence against cyber-attack.
SPONSORED BY
THE C-SUITE, THE BOARD
AND CYBER-DEFENCE
HOW A PROACTIVE C-SUITE CAN REDUCE CYBER-RISK FOR THE ENTERPRISE
EXECUTIVE SUMMARY | PAGE 3
Cyber-attacks increased by 38% in
2015, yet most security budgets are
increasing by less than 10%.
Only the C-suite/board can make the
decision to allocate scarce budget
and resources to their cyber-defences.
Third-party security vendors add three elements to successful security:
• Source of scarce expertise
• Independent view for monitoring and audits
• “Lateral vision” and early warning in emerging cyber-threats.
Successful firms engage them at more than twice the rate of unsuccessful ones.
7How important are third-party vendors in providing the following security services?
(Important and very important)
% answering data security budget as sufficient
Firms rating themselves
leaders in cyber-security
% answering confident or very confident
8Engage third-party experts where necessary
Provide the funding
that is needed
39%
69%
19%
48%
20%
53%
26%
36%
56%50%
67%More successful firms
25%
Less successful
firms
Firms with higher growth in cyber-attacks (+21.1%)
Firms with lower growth in cyber-attacks (+9.8%)
67%41%