What differentiates a top-performing organization in terms of IT security and privacy? According to Protiviti’s latest IT Security and Privacy Survey, “tone from the top” is a critical differentiator. The new report looks at how organizations tackle notable security gaps with effective policies and actions, with board engagement being one of the top ways effective security trickles down.
According to the survey, which gathered insights from 708 Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, IT vice presidents and directors, and other IT management professionals, one third of companies lack policies for information security, data encryption and data classification. These companies show a lower level of confidence and lower capabilities overall in IT security activities, showing the importance of a strong foundation in security. One of the biggest identified oversights is in identifying the most critical information, with 71% not having a strong awareness of potential exposures.
The survey revealed that those organizations with top-down support are best able to put together policies and actions to tackle these obvious gaps. Although board support is critical to effective security, it’s not always straightforward to find that support. This report indicates that only 28% of organizations have a high level of engagement by the board. We talked earlier this year about how to work with the board in creating a successful GRC strategy, and the importance of translating data security from a technology issue to a business issue, which can easily be “owned” by executives and board-members.
The most secure organizations are ones where there is a culture of security that is embedded top-down, where every employee, from the board to the mail room, understands their role in protecting corporate data, with tools that both support, enable and protect data wherever it resides. To learn about how Absolute can help your organization get there with tools to support GRC initiatives for the endpoint, visit our website.