Board Involvement in Data Security Hindered by Lack of Actionable Information
Board Involvement in Data Security Hindered by Lack of Actionable Information

Studies have proven that technologies, policies and education are more effective if the culture of security begins at the board and C-suite level. This top-down prioritization of data security as a business issuenot a technical issue, has been proven to be a key differentiator in organizations being able to create effective policies and actions to tackle security gaps.

Despite this recognition of the importance of board and c-suite involvement in cybersecurity and security planning, it would seem there is still a long way to go to ensure the board is actively involved. According to a new survey from Bay Dynamics, part of the problem is that the information reported to the board is both incomplete and not actionable. The survey revealed that only two in five IT and security executives feel the information they provide to the board is actionable, indicating a complex problem in communication.

IT and security executives share frustration that the board is not providing the help they need to address cybersecurity issues, according to the survey. It could be that this belief in the ineffectiveness of the board is translating into poor reporting of information, which in turn is exacerbating the problem. Of the data that is reported, there is a heavy reliance on manually compiled spreadsheets, prone to error and manipulation, without putting that data in context.

The report, while troubling, does indicate that there exists room for improvement. Greater visibility over data, wherever it lives, and presentation of that data in appropriate context can go a long way toward improving the lines of communication between security executives and the board. We have been hearing a lot lately about the need for context at all levels of the organization, in order to better understand the risks to data and to put appropriate actions in place if security incidents are detected.

Here at Absolute, we help organizations gain visibility into the endpoint, providing them with a reliable two-way connection so they can monitor, assess and respond, regardless of user or location. We go beyond just visibility, giving you the tools your organization needs to gain insight into data on the endpoint and to quickly identify and respond to security incidents. Our reports provide accurate current and historical data, created automatically, with no chance of human error. Learn more about how our team can assist you with your risk response and endpoint security here.

ABOUT THE AUTHOR

Arieanna Schweber

Arieanna Schweber has been a part of the Absolute writing team since 2007. Arieanna was Canada’s first female professional blogger and has been professionally blogging since 2006 and has spoken at leading blogging conferences including BlogHer and Northern Voice. Arieanna has a joint degree in Business and Communications from Simon Fraser University and continues to build communities for Vancouver-based clients.