C-suite is confused about who poses the biggest cybersecurity threat


C-suite executives are confused about who the true cybersecurity adversaries are and how to effectively combat them, a survey released Wednesday by IBM found.

To ascertain the state of cybersecurity in the enterprise, IBM surveyed more than 700 C-level executives in 28 countries and across 18 industries.

More than two-thirds of C-level execs think rogue individuals make up the biggest threat to their company, but a United Nations' report [.pdf] found that 80 percent of cyberattacks are driven by highly organized crime rings.

Diana Kelley, executive security advisor at IBM Security, said that the perception that rogue individuals pose the biggest threat dates from an earlier time when individual hackers were trying to test their skills. Now, cybercriminals are the primary attackers of enterprises, and they are motivated by profit.

"The evolution in the threat space has brought together a strong coalition of organized criminals working in cybergangs and cross-pollinating information," Kelley told FierceITSecurity. "When you have an organized cybercrime gang, they are far more capable of damage and better funded than the guy or gal wearing a hoodie in the basement," she stressed.

Over 50 percent of CEOs agreed that collaboration is necessary to combat cybercrime, but only one-third of CEOs expressed willingness to share their organization's cybersecurity incident information externally.

In addition, more than half of CEOs, chief financial officers, chief human resources officers, and chief marketing officers were not actively engaged in cyberthreat management activities in their company.

The survey found that the companies in which the business side engaged fully with the security side were the most prepared for cyberthreats, Kelley told FierceITSecurity.

For more:
- check out the IBM release
- read the full report [reg. req.]

Related Articles:
Can IT security pros handle pressure?
CISOs face challenges talking to boards about cyber risks
CISO's changing role reflects increased board cyber awareness, morphing threat actors