There are numerous good reasons to strategically declare the security of data in companies: starting with the progressive complexity of corporate IT to the integration of IoT (Internet of Things). What is the importance of IT security at the top of the executive floors? What else is moving the bosses when it comes to IT security?
(Unable to add media)
This is exactly what the IT security company Sophos wanted to find out in a broad study. The IPSOS opinion research institute interviewed high and higher managers (C-levels) in the three countries in the early summer of this year. IT staff was expressly excluded.
Some important findings from the study in the overview:
- IT security is not a top priority in most countries. The IT departments are responsible. A third of the companies rely on external IT services.
- World political situations and war have little influence on security awareness among managers. Only a third sees the view of IT security due to the current global political situation.
- The executive floors are safe with IT security. The majority state that they have been well-prepared for a long time.
- C-level managers in particular expect economic consequences through cyber attacks. The focus is on recovery costs or disorders of commercial processes. Very few expect the loss of customers and employees as well as possible failures as part of the supply chains.
IT security is not a top priority
The vast majority of the managers surveyed (around 81 percent) state that they have a high to very high awareness of IT security. According to the information of all respondents, IT security was also located in the majority of companies (over 60 percent) within the past three years to a higher or highest hierarchical level.
An interesting contradiction is revealed here because when it comes to the question of the actual responsibility for IT security, there is another, quite expected image: the larger the companies are, the less the management level is responsible. This applies especially to companies with more than 200 employees, here only 1.9 percent of those surveyed state that IT security is located at the level of management or board of directors. This value is significantly higher for smaller companies with up to 199 employees and in retail, and the boss is still involved in around 22 percent.
The main responsibility for cyber security 49.1 percent of its own IT department in larger companies, and 36.5 percent of smaller companies are also responsible for their own IT teams. With 35.8 percent in the larger and 33.1 percent among smaller companies, a good third of all companies also transfer responsibility for their IT security to external service providers.
Executive floors think they are in IT security
Of course, it was also a matter of experiencing Sophos whether and to what extent, in view of the global political situation and the current war in Europe, which raged long before the actual military discussion at the cyber level, the perception, and importance of IT security within the last two Have changed years. To this end, 23 percent of the respondents from companies with more than 200 employees and almost 36 percent from smaller companies confirmed that cyber security had become even more important.
The majority, however, apparently feel very safe anyway: 53 percent of the smaller and even almost 70 percent of the larger companies state that nothing has changed in terms of consciousness for cyber security in the past two years and that one has already been well positioned for this.
Cyber attack sequences: these are the greatest concerns
With a view to the consequences of a cyber attack, the most mentioned costs in executive floors – for example, the necessary restoration of business operations. The possible interruptions of the commercial processes are the second most common in the focus.
An interesting aspect here: Problems in the context of the supply chains suspect even fewer respondents (23 percent) than a possible loss of image (28 percent). In the processing trade alone, and that is not a big surprise, almost 37 percent of those surveyed assume that the supply chains may be affected.
On the other hand, the leaders are hardly important to the loss of customers or employees as a result of cyber attacks: 19.4 percent and even fewer (1.5 percent) are feared by loss of customers losses to losing employees.
Even insolvency (9.5 percent) and fines due to data protection violations (5.5 percent) are hardly seen as risks, only in Switzerland there is a little more concern: Almost 22 percent expect insolvency and 11.8 percent fine payments as possible Consequences of cyber attacks.