Only 10 percent of Chief Information Officers (CIO) list cybersecurity as a top business priority heading into 2017, according to recent research from Deloitte. Innovating for customers, company growth, and technological performance top the list of CIO priorities.
Continue Reading Below
In the same study, 61 percent of CIOs identified cybersecurity as a core expectation of their role and department. The majority of CIOs surveyed said they are expected to minimize risk and protect customer information, but they don't believe the overall organization views security as a risk management and compliance chore, rather than as a technological business investment. However, 64 percent of those surveyed expect cybersecurity spend to increase over the next two years, and 45 percent said cybersecurity would have the most impact on their business within the next two years.
A recently disclosed report revealed a Yahoo breach affected more than one billion user accounts, the largest such attack in history. This attack is just one of the more than 288,000 complaints of business-related cybercrime reported each year in the U.S. The cost of global cybercrime has exceeded more than $100 billion, including more than $15.4 in the U.S. alone, according to Ponemon research. Attacks don't only target large organizations; 43 percent of attacks target businesses of fewer than 40 employees.
So…What about Security?
The data suggests CIOs don't believe their success is contingent on keeping the company secure, but rather on finding new ways to boost innovation, productivity, and revenue. Fifty-seven percent of CIOs told Deloitte driving customer value was a top business priority, while 49 percent said it was company growth, and 48 percent said it was company performance. CIOs have found themselves at the center of their companies' mission to produce better products and services faster, cheaper, and with better quality. Fifty-seven percent of the CIOs surveyed said assisting in business innovation and developing new products and services are core expectations, while 56 percent said developing the organization's digital capabilities are core expectations.
When each organization was asked to break down if their risk and security operations had been solidly defined, 25 percent said they were still building out their capabilities, while 44 percent indicated their capabilities were defined. Only 25 percent claimed their capabilities were excellent. Forty-one percent of CIO said their companies were underinvesting in cybersecurity, and 34 percent said they expect their security budgets to stay the same over the next two years.
The government and public sector was the only industry among the 10 surveyed to cite cybersecurity as one of the top three business priorities. However, even in the public sector cybersecurity took a back seat to regulations and cost, which were given first and second highest priority, respectively.
How to Stay Safe
For companies of any size, there are specific steps you can take to train your employees to stay safe. You should keep them up-to-date on the latest phishing and SPAM attacks; develop an acceptable use policy; offer password training; establish a system for reporting problems; develop a mobile device management (MDM) protocol; and offer remote access training, among many other tactics.
Additionally, your IT departments should institute the following important policies as soon as possible in order to stay safe in the new year: pay for premium cloud security; implement multifactor authentication; hire a security consultant; and revoke system access for all former employees, to name a few.
For added protection, it's important to layer security practices on top of one another: for example, you should build a web application firewall to protect your applications, while also implementing an endpoint protection solution to monitor the status of your computers and mobile devices. For a worst-case scenario, you can reinforce your entire network with a Disaster Recovery-as-a-Service (DRaaS) tool to continually back up critical systems and data, should something absolutely horrible happen.
The data provided by Deloitte was collected via a survey of more than 1,200 CIOs in 23 industries and 48 countries.