[BreachExchange] Security Pros 'Prefer' Root Canal Surgery Over Informing Board of Breaches

Destry Winant destry at riskbasedsecurity.com
Thu Jun 22 00:11:25 EDT 2017


https://www.infosecurity-magazine.com/news/security-pros-prefer-root-canal/

Almost half (44%) of security professionals would rather have root
canal surgery than make the dreaded walk of shame to the boardroom to
explain that they’ve suffered a data breach, according to results from
a survey carried out by malware protection firm Lastline at
Infosecurity Europe 2017.

Lastline polled 326 information security professionals during the
conference at London’s Olympia earlier this month and revealed the
severity with which all organizations—regardless of size or
industry—treat the prospect of a data breach.

“The fact that nearly half of cybersecurity professionals would prefer
to undergo a painful dental procedure than face their board about a
data breach just shows how seriously these attacks affect
organizations today.

“On a more positive note, it does show that cybersecurity has risen up
the board’s agenda,” he added.

Concerns have been raised for some time about how high up the priority
list cybersecurity and data protection have been for boards within
organizations, but it would appear that the unprecedented levels of
data loss seen over the last 12-18 months have made information
cybersecurity a top concern for all corners of a company.

Speaking to Infosecurity, Steve Durbin, managing director of the
Information Security Forum, said that the reality of operating in
cyberspace is that at some point things will go wrong—and that could
mean a breach or loss of personal data.

“With regulators tightening their focus in this area, and with GDPR
this will only increase, boards are at last beginning to realize that
they have a key role to play in ensuring the security of the
business,” he explained.

However, in many cases we are still a long way off the level of mutual
trust and understanding required to ensure that cybersecurity is
aligned with corporate strategy, Durbin added.

“Security leaders need to continue to develop their relationship with
the board to explain, in business language, the implications of
certain actions and the requirements for good cyber-hygiene across the
business. This requires the commitment of the business and security to
work collaboratively.

“Nobody likes to deliver bad news to the board, and let's face it,
boards are not eager to hear such news, but a closer relationship
based on regular updates and sharing of steps being taken to align
security with strategic business direction will at least ensure a
higher degree of understanding in the boardroom that whilst a breach
of some nature may be inevitable.”

