RANE (Risk Assistance Network + Exchange) and the Nasdaq Center for Board Excellence have released results of a survey of publicly listed companies and nonprofits that show boards and executive team members give themselves high marks for cybersecurity awareness but that additional training on cyber risks would be beneficial.
Cybersecurity has become the leading concern for businesses worldwide. The types of cyber risks that are the most important to boards/executive team members include:
- Ransomware attacks are the number one concern of the respondents.
- Cyber breaches resulting in stolen data are also of extreme concern, as are social engineering/phishing/business email compromise and cyber breaches resulting in destruction or manipulation of data.
- The area of least concern was a cyber incident caused by an insider threat.
“One major finding of this survey is that boards often focus on ransomware or other highly publicized attacks without realizing the connection between the attacks and the intersection with geopolitical events,” says RANE CEO Steve Roycroft. “RANE is pleased to partner with Nasdaq to provide critical information so boards can effectively benchmark their cybersecurity efforts.”
Almost all respondents express confidence that their board/executive team is prepared to respond to a cyber incident, however, some notable differences include:
- Only 59% of respondents say that cybersecurity training was provided to the board, and of those remaining, 69% indicated that they would like to receive training.
- A quarter of respondents say their board does not have a methodology for quantifying cybersecurity risk.
- The majority of respondents say their organizations carry cyber liability insurance, but only 9% say their policy ensures full resilience against any business interruptions.
For full details of the RANE and Nasdaq survey on cybersecurity and proactive next steps on which boards should focus visit.