Some Board Level Executives Have Poor Grasp On Cyber Security

HardOCP News

It's pretty damn scary when the people in charge of making day to day decisions for huge companies are this clueless when it comes to cyber security.

A significant number of board level executives still have such a poor grasp on cyber security issues that it threatens to put whole organisations at risk from data breaches. That's the stark warning following a survey by security company Palo Alto Networks which directly asked C-Level executives about their knowledge surrounding security issues and 13% said they only "kind of" understand what defines an online security risk to a business. Worryingly, many in leadership roles also said they still have to use Google to help explain cyber security risk.
 
Not shocking in any way at all. The "CIT" here doesn't know jack crap about anything (scary), he relies on subject matter experts when he makes decisions (smart).
 
I'm confused - why are "Board Members" being questioned about the security of a company? Isn't that the job of the CIO, who reports directly to the CEO? Most board members also don't know much about the day-to-day operations that take place in most companies, but once again that's what the COO is for. Board members exist to hold the company financially accountable, ensure they're executing on high-level strategies, and represent other shareholder interests.
 
This is what happens when you pay someone else to do just about everything for you. These are the same type of people who accidentally shoot their friends in a "hunting" accident because they literally have no clue what they are doing. I quote hunting, because they aren't actually hunting anything. More like they pay someone to shoot some pre-seeded animals on someone's property in the harshness of a pre-built blind.
 
Having actually worked for a number of large organizations over the years I would argue that most people in general are clueless concerning cyber security. Top to bottom people don't have a clue and sadly a large percentage of people in the IT field are just as clueless.
 
I just had to complete our company's Cybersecurity awareness training. It basically amounted to a fairly standard list of items (don't use the same passwords, watch your environment, don't click links, don't leave your computer unlocked, etc). I am not sure what they are expecting from companies. Ultimately many of the Cybersecurity responsibilities do fall to IT and the CIO (firewalls, employee monitoring, virus scanning, etc). What do they expect CEOs, CTOs, CFOs, COOs, and the various other CxOs to know?
 