Virtualization Technology News and Information
Closing the Accountability Gap in Cybersecurity


The idea of an accountability gap in the tech and enterprise industries is nothing new. However, thanks to a study conducted by a team of researchers from Goldsmiths and University of London, we now know it to truly exist.

The study is called The Accountability Gap: Cybersecurity & Building a Culture of Responsibility. It reveals the gap between what corporate-level business managers believe they are prepared for, and what their companies and networks are actually prepared for when it comes to cyber and data security.

The reality is that many companies are vulnerable to outside attacks - even though managers believe they are not - and there is a serious lack of accountability the higher up the power chain you go. That is, many corporate-level executives feel they hold no responsibility when it comes to a cyberattack - it is simply not their fault and out of their control.

That is not necessarily true. In fact, if the execs that are actually accountable for keeping companies' data secure and inaccessible feel they are not responsible, then that company is at a much higher risk for attack.

How Was This Information Collected?

To conduct the study, researchers surveyed 1,530 high-level executives, including those who hold the title of non-executive director, C-level executive, chief information officer and chief information security officer. Participants were from a variety of locales, including the United States, the United Kingdom, Germany, Denmark, Norway, Sweden, Japan and Finland.

What the researchers found is that 98 percent of business leaders who work for the most vulnerable companies do not feel it is possible for them to monitor data being transferred to and from devices on their network at all times. To translate, this means that there are a variety of unknown devices connecting to their network and tapping into data, and since they cannot be tracked, it is impossible to know what the users of these devices are doing. Any one of them could be a significant security risk.

To show the mutual understanding of accountability, out of 90 percent of respondents that fit into the category of medium-to-high risk in terms of vulnerability, 40 percent admitted they don't feel responsible for a cyberattack or the fallout that comes with it.

This should be alarming news, especially considering cyberattacks have been on the rise over the past few years. Companies like Ashley Madison, Target, Scottrade and even agencies like the IRS, FBI and CIA all experienced detrimental cyberattacks from an outside threat.

Company executives need to understand their responsibility when it comes to protecting internal and customer data. They also need to be made aware of the current measures for doing so, as well as the current methods hackers are using to breach a network, so that more informed decisions can be made.

To make matters worse, about 91 percent of board members and executive-level decision makers employed at the most vulnerable companies cannot even interpret a cybersecurity report. They do not understand the security measures and protocols needed to protect sensitive data from being accessed during a breach, and they most certainly do not understand the implications of an attack.

If there's one thing this report has made clear, it is that lowering the overall vulnerability at a company requires teamwork. All employees, from standard job titles to high-level executives - including board members - need to be educated on cybersecurity and personal accountability.

Only then will the gap between how vulnerable a company truly is and how vulnerable many believe it is be lowered, if not closed altogether.

How Can Companies Address This Issue?

The ultimate goal is to move many of these vulnerable companies to platforms that are more secure. Many believe there are security threats to content management systems which are not manageable, but that is not true. A lot of these companies would actually benefit from making a switch to a third-party platform because in-house development could be cut down, and many security vulnerabilities could be taken care of, if not removed completely.

While operating from an internal website or network, you absolutely need a technical and IT resources team to take care of the maintenance, especially when it comes to cybersecurity. By using third-party tools, some of that responsibility can be removed from the company and the IT team.

Adopting such a system does not mean accountability would be taken away from the appropriate parties. As individual employees, everyone is responsible for their own form of accountability. That includes setting secure passwords and codes, protecting sensitive company data through encryption and much more.


About the Author

Kayla Matthews is a tech-loving blogger who writes and edits Follow her on Twitter to read all of her latest posts! 

Published Wednesday, April 13, 2016 6:30 AM by David Marshall