Cybersecurity Becoming Shared Responsibility Across C-suite, Says Study
Executives now recognize cybersecurity as a key business driver.
Cybersecurity is now recognized as a key business driver by the C-Suite, according to a new Radware report, which found that security threats are causing companies to make a fundamental shift in thinking about the role of security in customer experience, marketing and business operations. In fact the predominance of cybersecurity as a business issue extends to the board, with a majority (72%) of executives reporting information security is an agenda item for every board meeting, said the study.
The report that surveyed 263 senior leaders from companies across the globe, including finance, retail/hospitality, telecom providers and found that four main business impacts of a security incident. Those were customer loss (45%), brand reputation loss (44%) and revenue loss or operational (32% each).
Security, now a shared responsibility
At the same time, customers want to understand what companies have done to secure their products and services. 75% of executives report that security is a key part of their marketing messages. 50% of companies surveyed offer dedicated security products and services to their customers. Additionally, 41% offer security features as add-ons within their products and services, and another 7% are considering building security services into their products.
“Because organizations have spent billions digitally transforming themselves over the years to create faster, easier and more numerous access points to their customers, they have also increased their vulnerability in equal measure,” said Anna Convery-Pelletier, CMO at Radware.
“While responsibility for cybersecurity continues to be spearheaded by the CIO and CISO, it is also being shared throughout the entire C-Suite. Security issues now influence brand reputation, brand trust and consumer trust. This forces organizations to make a fundamental shift in thinking about the role of security in customer experience, marketing and business operations.”
Still a long way
However, despite the interest of C-suite in cybersecurity issues, the report found that companies still have a long way to go to protect themselves. The respondents estimated an average cost per attack of about $4.6 million. Also the total cost of cyber-attacks to their organization is more than $10 million. It nearly doubled in frequency from the previous year.
A majority (70%) of senior executives surveyed in North America and Europe report their company experienced a cyberattack in the prior twelve months. And 75% of surveyed participants in EMEA say their networks are susceptible to cyberattacks.
In addition, Radware’s 2019 C-Suite Perspectives offers some interesting insight.
The road to improved security isn’t always secure.
As organizations ramp up their digital transformation efforts, which often include embracing the public cloud, 54% of respondents report improving information security is one of their top three reasons for initiating digital transformation processes. However, 73% of executives indicate they have had unauthorized access to their public cloud assets.
Data breaches are most common in Europe, despite GDPR regulations.
74% of European executives report they have experienced a data breach in the past 12 months. This is compared to 53% in America and 44% in APAC. Half (52%) of executives in Europe have experienced a self-reported cybersecurity incident under GDPR in the past year.
Bots continue to impact bottom-line business.
Executives are discussing bots in their board management meetings. 53% say they’ve encountered reduced website revenue due to inventory hold-ups by bots. Another half report bots skewing marketing analytics, and 36% have talked about abuse of user accounts or payment information.
Investments in machine learning & AI are growing.
The majority of respondents (82%) have shifted more budget into machine learning/AI over the past two years. This represents a continued focus on automation as just 71% said the same in 2018. Individual regions report allocating an average of 37% of their security budget toward AI security systems. This includes Americas 49%, EMEA 30%, and APAC 31%).
Customers increasingly take action following a breach.
Following a data breach, survey participants report an average churn of 30% of customers. They estimate the average investment to win a customer back at almost $100,000.