NTT Security: Who is in charge of protecting data?

Responsibility for security is falling in between the gaps in the boardroom with few customers giving a single individual the onus of looking after the issue.

That makes it a challenge for resellers trying to make sure they have got the message across about securing data, with it unclear in some cases if the person that needed convincing was the CEO, CIO or CISO.

According to research from NTT Security finding out who has responsibility for day to day security matters is not always clear with decision makers in the UK pointing to the CEO first and foremost as the source of leadership. That contrasts with the global findings, which put the CIO as the person ultimately responsible.

“Responsibility for day-to-day security doesn’t seem to fall on any one particular person’s shoulders among our response base,” said Azeem Aleem, vp consulting & UK&I lead, NTT Security.

“This narrow gap between the roles of CIO, CEO and CISO shows that no one executive function is stepping up to the plate. It could be a sign of unclear separation between the CIO and CISO though, as often they are the same or collaborate closely,"  he added  "On the other hand, should we be concerned that the CEO is not more involved in security matters, given the potentially damaging affects to the business, or should we be relieved that they are not managing a specialist task like this over and above other critical corporate responsibilities. The question is where do you draw the line?” 

The 2018 Risk:Value report indicated that although more customers recognised the need for senior leadership to be dicsussing security matters that wasn't happening in most cases.

The sadly predictable result of that confusion is that 53% of respondents in the UK felt that they had fully secured their most important digital assets. All of this comes at a time when a quarter of those quizzed by NTT revealed that they were looking to move more data into the cloud.

The other statistics that the channel will only be too aware of is that the number of attacks is also increasing. Figures from Carbon Black last month revealed that 92% of UK firms had been attacked in the last year.

“The stats clearly show that defenders are not keeping up with attackers’ spending,” said Tom Kellermann, Chief Cybersecurity Officer, Carbon Black. “The fact that 92% of UK companies have experienced a breach in the last year and nearly half have been breached multiple times is sobering. It’s critical to educate UK businesses on the threats they face and how these threats can be mitigated.”