It may seem obvious: A strong commitment to cybersecurity from an organization’s top management equals better protection. The cybersecurity staff have more confidence and focus on the right things – fighting threats as opposed to worrying about who will leave next for greener pastures.
These were among the findings of (ISC)2’s latest study, Building a Resilient Cybersecurity Culture. The study of cybersecurity professionals set out to pinpoint what companies with a good cybersecurity track record do better than others. As you might suspect, a strong cybersecurity culture is key. And it manifests itself in multiple ways:
- Top management understands the importance of cybersecurity, according to 97% of respondents.
- 96% say their policies align with their board of directors’ cybersecurity strategy.
- 100% are confident in their company’s cyber defenses.
- 96% say their organization considers cybersecurity as very important or a top priority in their overall IT budgets.
- Only 8% worry about losing the support of management or budget.
The Right Team
Key to cultivating strong cybersecurity habits is how companies go about selecting and running their cybersecurity teams. The study revealed 86% of companies with proper cybersecurity staffing employ a Chief Information Security Officer (CISO). This compares to 49% of companies overall, according to other research.
When building their cybersecurity teams, these companies focus on hiring certified security professionals (70%), and internal training and promotions (70%). And according to 52% of respondents, they take care to draft clear job descriptions when hiring. This has been a sticking point with cybersecurity jobseekers, who often view poorly written descriptions as a warning sign.
Just about half of respondents (48%) say attracting the right talent is critical to strengthening their cybersecurity teams. And while you might expect a higher percentage, this finding could be attributed to the level of confidence in the existing team, especially since there is a strong emphasis on offering training and certification opportunities to employees (57%) and cross-training on cybersecurity skills and responsibilities (55%).
Technology also is important to strengthening the team, according to 62% of respondents. This acknowledges that while expertise and skills are critical, you can’t overlook the need for tools to combat cyber hacking.
One of the most telling revelations was that organizations with solid cybersecurity are good listeners. They follow advice from experts on focusing on risk assessment to build cyber defenses, the importance of cybersecurity certifications and employee training, and as already mentioned, drafting clear job descriptions.
To read the full study, please visit (ISC)² Research.