The new Barracuda Networks CIO report, Leading Your Business Through Cyber Risk, pointed out that many organisations find it difficult to implement company-wide security policies such as authentication measures and access controls.
Close to 49 per cent of the smaller to mid-sized companies surveyed find this one of their top two governance challenges. The report states one in 10 businesses doesn’t have an incident response plan, and six in 10 businesses struggle to manage cyber risk.
Many organisations have concerns about a lack of security and control over the supply chain and visibility into third parties with access to sensitive or confidential data.
Siroui Mushegian, CIO of Barracuda Networks, said, “For many businesses today, a security incident is almost inevitable. How you prepare for, withstand, respond to, and recover from the incident matters the most. This is cyber resilience. Advanced, defence-in-depth security solutions will take you most of the way there. Still, success also depends on security governance — the policies and programs, leadership, and more that enable you to manage risk. When NIST updated its benchmark cybersecurity framework earlier this year, it added security governance as a strategic priority.”
Close to 35 per cent of the smaller companies worry that senior management does not see cyberattacks as a significant risk. In comparison, the larger companies are most likely to struggle with a lack of budget (38 per cent) and skilled professionals (35 per cent).
The report explores the top governance challenges facing companies trying to manage cyber risk and boost their cyber resilience. The report offers practical tools such as a checklist template, created with Barracuda’s own IT and security leadership, to help companies navigate their way to resilience.
It offers templates that help organisations manage cyber risk and map where they are in their journey toward cyber resilience. The cyber resilience checklist draws on the latest iteration of the U.S. National Institute of Standards and Technologies (NIST) Cybersecurity Framework.
