Majority of big corporations not prepared for cyberattacks, global corporate governance research shows

Primary page content

New research led by Goldsmiths, University of London indicates that 90% of global corporations are at serious risk of cyberattack - and the majority of big business heads are not confident that they’re prepared for it.

An independent study led by Dr Chris Brauer, in collaboration with Nasdaq and leading cybersecurity company Tanium, found that a lack of accountability at board and executive levels and no clear focus on cybersecurity has contributed to systemic data vulnerability in global companies.

Some 1,530 non-executive directors, Chief Information Officers, and Chief Information Security Officers from across the US, UK, Germany, Japan and Scandinavia were surveyed for 'The Accountability Gap: Cybersecurity and Building a Culture of Responsibility' - the largest study of its kind.

While many people believe that cybersecurity in the private sector is improving, the study’s findings indicate an alarming gap between presumed and actual corporate preparedness for cybersecurity breaches.

The report explores topics such as cyberliteracy, accountability, response and the appetite for risk. Dr Brauer’s research team worked with a global panel of cybersecurity subject-matter-experts to define challenges that make up cybersecurity vulnerability and developed a unique statistical model for scoring readiness, awareness and vulnerability for these challenges and assessed through survey.

A recurring theme is that while board members understand the importance of cyber preparedness, they widely lack the requisite knowledge of real time specific cyber threats and the possible actions that should be taken to mitigate risk.

“What the report does is make visible the key contemporary leadership challenges around cybersecurity and benchmark the readiness and awareness for these challenges of the corporate leaders from a sampling of the world’s largest organisations,” said Dr Brauer.

“There is a lot of focus on cybersecurity risks in the public domain and we sought to inform and impact calls-to-action for organisations to increase cyber accountability and reduce vulnerability.”

In fact, the study found that the majority of non-executive directors felt a hesitance even to speak up regarding their concerns on cybersecurity matters, as they didn’t feel adequately knowledgeable on the subject to weigh in.

Study findings include:

  • Every company is vulnerable to varying degrees of cyberattack, but 90% of respondents’ organisations could be categorised as medium-to-high risk.
  • 98% of the most vulnerable companies’ non-executives directors and executives are not confident their organisations track all devices and users on the system at all times.
  • 87% of board members and executives at the most vulnerable companies don’t consider their malware, antivirus software and patches to be completely up-to-date at all times.
  • The least vulnerable companies are 31% more likely than the most vulnerable companies to have assessed the potential losses associated with cyberattacks.

The research was directed by Dr Chris Brauer at the Institute of Management Studies, Goldsmiths, University of London and led by Dr Jennifer Barth and Dr Yael Gerson. Research assistance was provided by Alison Wilson, Ana Beatriz Alencar and Zainab Hammoud and graphics by Meng-Yao Chuang.

Read more from Chris Brauer on the CITY AM website - 'Cybersecurity: The steps every board member and C-suite professional should be taking now'

Download a full copy of the report here