Governance of Enterprise Security: CyLab 2012 Report

Advanced Key Findings

Carnegie Mellon CyLab has just concluded its third survey of how boards and senior executives govern the privacy and security of their organizations' digital assets (networks, systems, and data). Sponsored by RSA, this survey reached beyond the U.S. survey populations used for the 2008 and 2010 CyLab Governance of Enterprise Security reports. Drawing its population from the Forbes Global 2000 list, the 2012 survey is the first analysis of the cyber governance postures of major corporations around the world. Although the survey population was larger, the response rate was comparable to that achieved in 2010, with a similar mix of respondents: CEOs/Presidents (52%), Corporate Secretaries (15%), and Board Chairs (24%).

Today, cyber attacks have moved to a new level: corporate data is at greater risk of theft or misuse than ever before, and the systemic nature of recent attacks has alarmed both industry leaders and government officials around the world. These are issues that now require active oversight by boards and senior executives. It has long been recognized that directors and officers have a fiduciary duty to protect the assets of their organizations; that duty now extends to digital assets, and it has been expanded by laws and regulations that impose specific privacy and cyber security obligations on companies. For example, the Securities and Exchange Commission recently issued disclosure guidance calling on public companies to disclose the risk of cyber incidents where such incidents could materially affect a registrant's products, services, relationships with customers or suppliers, or competitive conditions, or could make an investment in the company speculative or risky. Officers and directors cannot meet their fiduciary responsibilities and compliance obligations if they are not exercising adequate governance over the privacy and security of their systems and data.

2012 Survey Findings

One of the most important advance findings of the CyLab 2012 Governance survey is that boards and senior management are still not exercising appropriate governance over the privacy and security of their digital assets. Even though there are some improvements in key "regular" board governance practices, fewer than one-third of respondents are undertaking basic cyber governance responsibilities. The 2012 gains over the 2010 and 2008 findings are not significant and appear to be attributable to slight shifts among "occasionally," "rarely," and "never."
