More than half of all C-level executives at organisations in the Financial Times Stock Exchange (FTSE) 100 index feel that their board is cyber-security literate and actively engaged in routing security despite the growing number of successful cyber-attacks against UK organisations according to a new survey from Tripwire Inc. However the report also showed that IT professionals from the same organisations are not as confident in their board's cyber-security knowledge. As a result the study points to the confidence of executives, but reveals the scepticism of IT professionals.
Tripwire's study on the cyber-literacy challenges faced by organisations measured the attitudes of executives as they relate to cyber-security risk, decision-making and communication between IT security professionals, executive teams and boards. Respondents to the study comprised of C-level executives and directors as well as over 100 IT professionals from UK organisations.
“There's a big difference between cyber-security awareness and cyber-security literacy,” said Dwayne Melancon, chief technology officer for Tripwire. If the majority of executives and boards really understood these risks, spear-phishing wouldn't work. These results indicate the growing awareness that the risks associated with cyber-security are critical to the business. Melancon concludes that, “It would appear the executives either don't understand how much they have to learn about cyber-security, or they don't want to admit that they don't fully understand the business impact of these risks.”