NTT Security Risk:Value report asks if business leaders are failing to shoulder responsibility for information security
14 November 2018
Narrow gap between CEO, CIO and CISO roles shows no single executive function stepping up
Lack of cohesion at the top sees organisations struggling to secure most important digital assets
Responsibility for information security is not falling to any one senior executive function, according to the 2018Risk:Value report from NTT Security, the specialised security company of NTT Group, which surveyed 1,800 senior decision makers from non-IT functions in global organisations.
At a global level, 22 per cent of respondents believe the CIO is ‘ultimately responsible’ for managing security, compared to one in five (20 per cent) for the CEO and 19 per cent for the CISO. In the UK, fewer respondents point to the CIO (19 per cent) and CISO (18 per cent) while the CEO gets the biggest vote at 21 per cent. The US (27 per cent) and Norway (26 per cent) buck the trend with more than a quarter of respondents suggesting the CEO is responsible, while in Singapore, one third say it is the role of the CISO – the highest figure across all 12 countries. Interestingly, around one in ten people in Switzerland believe the CFO is responsible for security.
“Responsibility for day-to-day security doesn’t seem to fall on any one particular person’s shoulders among our response base,” says Azeem Aleem, VP Consulting & UK&I Lead, NTT Security. “This narrow gap between the roles of CIO, CEO and CISO shows that no one executive function is stepping up to the plate. It could be a sign of unclear separation between the CIO and CISO though, as often they are the same or collaborate closely. On the other hand, should we be concerned that the CEO is not more involved in security matters, given the potentially damaging affects to the business, or should we be relieved that they are not managing a specialist task like this over and above other critical corporate responsibilities. The question is where do you draw the line?”
According to the 2018 Risk:Value report, although more people see the need for regular boardroom security discussions, their organisations are failing to raise it sufficiently at the C-suite level. While 80 per cent of all survey respondents agree that preventing a security attack should be a regular boardroom agenda item (up from 73 per cent in last year’s report) only 61 per cent say that it is, an increase of just 5 per cent on last year.
Data security poor due to lack of cohesion at the top
NTT Security’s report also suggests that this lack of cohesion at the top of the organisation means that many are struggling to secure their most important digital assets. Fewer than half (48 per cent) of respondents globally – 53 per cent in the UK – say they have fully secured all of their critical data. But with the General Data Protection Regulation (GDPR) now fully in effect, this is no longer an opportunity, but mandatory.
However, companies are beginning to take control of their data as cloud computing best practices mature. Around a quarter (27 per cent) report that the majority of their organisation’s data is currently stored on premise or in data centres (25 per cent). However, in 12 months’ time, a similar proportion (25 per cent) of respondents say that it will be stored in a cloud environment.
For further information on NTT Security’s 2018 Risk:Value report and to download a copy, visit: https://www.nttsecurity.com/en-uk/risk-value-2018
Notes for editors:
For a PDF of the 2018 Risk:Value Report or a copy of the global/UK infographic, images or further information/stats, please contact: [email protected].
Commissioned by NTT Security, the 2018 Risk:Value report research was conducted by Vanson Bourne, an independent specialist in market research for the technology sector, in Feb/March 2018. 1,800 non-IT business decision makers were surveyed in the US, UK, Germany, Austria, Switzerland, France, Benelux, Sweden, Norway, Hong Kong, Singapore and Australia. Predominately, organisations had more than 500 employees and were selected across a number of core industry sectors.
About NTT Security
NTT Security is the specialized security company and the center of excellence in security for NTT Group. With embedded security we enable NTT Group companies (Dimension Data, NTT Communications and NTT DATA) to deliver resilient business solutions for clients’ digital transformation needs. NTT Security has multiple SOCs, seven R&D centers, over 1,500 security experts and handles hundreds of thousands of security incidents annually across six continents.
NTT Security ensures that resources are used effectively by delivering the right mix of Managed Security Services, Security Consulting Services and Security Technology for NTT Group companies – making best use of local resources and leveraging our global capabilities. NTT Security is part of the NTT Group (Nippon Telegraph and Telephone Corporation), one of the largest ICT companies in the world. Visit nttsecurity.com to learn more about NTT Security or visit www.ntt.co.jp/index_e.html