Industry rhetoric suggests that cybersecurity is an important topic in corporate boardrooms and C-suites, but according to a recent ESG survey, this is only partly true. While 58% of senior cybersecurity and business managers say that their organization’s C-level executives’ commitment and buy-in to cybersecurity is “very good,” the remaining 42% say that their organization’s C-level executives’ commitment and buy-in to cybersecurity is “adequate, fair, or poor.”
Not so good.
Survey respondents were also asked which cybersecurity topics were most important to the executive team. Here are the results and a bit of analysis:
- Data privacy. Data privacy topped the list at 35%, and this makes sense given regulations like GDPR and CCPA. In the past, data privacy was handled by legal teams, but with the onset and growth of regulations, CISOs have been asked to operationalize data privacy. In other words, security teams are responsible for things like data discovery, the introduction of new data security controls, and coordination around technologies for data deletion. GDPR also comes with the potential for hefty fines, so executives are paying close attention. Given that GDPR came out of the EU, it is not surprising that 39% of European organizations viewed data privacy as a high priority, compared to 33% of North American firms, according to ESG’s research.