
EU managers need to up cyber security collaboration, study finds

There is still much work to be done in the area of collaboration and sharing responsibility when it comes to preventing data breaches, a study has found.

The lack of collaboration on cyber security between the senior levels of business is leaving UK firms exposed to fines and reputational damage, a study has revealed.

One in 10 C-level respondents to a survey by Palo Alto Networks said they “kind of” understand what defines an online security risk, but admitted they “still have to use Google to help explain it”.

This finding suggests that the lack of consensus on where the responsibility for cyber security lies could stem from some lack of cyber security understanding at the leadership level.

The study concludes there is still much work to be done in the area of collaboration and sharing responsibility when it comes to preventing data breaches.

The survey of more than 760 business decision makers in the UK, Germany, France, the Netherlands and Belgium found that a significant amount of accountability is placed solely on the shoulders of IT.

Nearly half of respondents believe that ultimate responsibility for protecting an organisation from cyber security risk lies with IT.

Even 57% of IT department respondents said they had sole domain over a company’s security.

GDPR shares data responsibility across business

However, the European Union’s (EU’s) General Data Protection Regulation (GDPR), which is expected to be enforced by spring 2018, assigns responsibility to anyone who has access to data in the event of a breach – from customer service to IT and executives.

Failure to comply with provisions of the GDPR could result in fines of up to €20m or 4% of worldwide annual turnover, whichever is greater.


While the majority of respondents demonstrated a growing understanding of the cyber risks that businesses face, 1 in 10 employees still do not believe the company’s executives or board have a relevant or accurate understanding of current cyber security issues to prevent their organisation’s computing environment from compromise.

The study notes that while regulation and frameworks will standardise measures of success in relation to cyber security effectiveness, internal agreement is required in the meantime to allow for roles and responsibilities to be defined and for businesses to reach consensus on a unified approach.

Organisations need better view of risk

The survey results also highlight that the way in which organisations measure security does not provide a comprehensive view of all elements of risk.

The survey found that 25% of companies measure cyber security effectiveness by how many incidents have been blocked by a cyber security policy, 21% refer to how long it took an issue to be resolved, and 13% observe how long it has been since the last incident.

But according to Palo Alto Networks, pre-emptive and real-time measures – such as an organisation’s ability to monitor all the traffic in its network – also need to be taken into account to provide an accurate view of risk.

“The new EU regulations will require businesses to step up their cyber security practices, and this can be an opportunity or a risk, depending on how these businesses choose to approach it,” said Greg Day, vice-president and regional chief security officer for Europe at Palo Alto Networks.

“Preventing data breaches requires everyone in an organisation to work together, share knowledge and define success ahead of European data protection law changes,” he said.

Palo Alto Networks recommends that organisations take the following steps to strengthen their computing environments against cyber attacks:

  • Build a cyber security strategy focused on preventing cyber attacks at every step of the attack lifecycle, taking employee awareness and accountability into account.
  • Use automated, state-of-the-art security technology that not only complies with regulations but also enables employees to work efficiently with the tools they need.
  • Educate everyone in the business on the role they play in preventing successful cyber attacks on the organisation.
