The findings from the latest 2012 Carnegie Mellon CyLab Governance survey of how corporate boards and executives are managing cyber risks reveals the issue is still not getting adequate attention at the top. The survey, sponsored by RSA, The Security Division of EMC (NYSE: EMC), was the third survey conducted by CyLab Adjunct Distinguished Fellow, Jody Westby, and comparisons with the 2008 and 2010 data clearly show ongoing gaps in governance.
Using the Forbes Global 2000 list, the 2012 survey represents the first analysis of cyber governance postures of major corporations around the world. One of the most important findings is that boards and senior management still are not engaging in key oversight activities, such as setting top-level policies and reviews of privacy and security budgets to help protect against breaches and mitigate financial losses. Even though there are some improvements in key "regular" board governance practices, less than one-third of the respondents indicate their boards and senior executives are undertaking basic responsibilities for cyber governance.
Although improvements are shown in the formation of board risk committees and cross-organizational teams within their organizations, nearly half of the respondents indicated that their companies do not have full-time personnel in key privacy and security roles, and 58 percent of the respondents said their boards are not reviewing their companies’ insurance coverage for cyber-related risks.
To help company boards improve corporate governance of privacy and security, the advance findings of the research included recommendations for organizations to undertake the key governance activities highlighted in this slideshow.
Five Defensive Actions to Take Before Your Mobile Device Is Stolen Don't get caught unprepared. Protect your mobile data now.
Five Business Process Management Pitfalls to Avoid Five BPM threats BPI (business process improvement) leaders need to be mindful of as organizations progress on their BPM initiatives.
Mobility Today: Balancing the Benefits and Risks of Mobile Adoption IT is striking a balance between mobile benefits and risks by transforming its approach to mobility.
The newfound emphasis on tools and service integration is shaping a new crop of industry professionals — the actual faces behind the IT infrastructure. ... More >>
Experience shows that organizations that manage GRC as an integrated program — involving people, processes and technologies — are more successful in delivering value to their organizations ... More >>
Advice and tips for entrepreneurs and companies that are no longer startups but not quite ready for an IPO, also known as "tweens." ... More >>