

Why Executives Must Collaborate to Keep Business Secure

Executives Combat Security Fail

With businesses housing mountains of data that could sell on the dark web, hackers have grown more sophisticated and aggressive.

As cyberbreaches can affect entire enterprises and threaten data security, business continuity and a company’s reputation, it makes sense for CIOs and CISOs to focus on cybersecurity. But do other C-level executives—especially those in HR, finance and marketing—understand the risk to their departments?

The IBM Institute for Business Value partnered with IBM Security to evaluate awareness of C-suite executives, excluding CIOs and CISOs, by conducting a survey of over 700 executives from 28 countries and 18 industries. Diana Kelley, executive security advisor, IBM Security, and Carl Nordman, research lead for cybersecurity and finance transformation at the IBM Institute for Business Value, co-wrote the study.

The study shows the C-suite understands the importance of implementing a cybersecurity program that encompasses technical fixes and changes in business processes, management and employee behavior. However, many C-level executives feel they are out of the loop when it comes to being closely involved with decisions about cybersecurity issues, policies and procedures at their companies, Kelley notes.

What Are the Risks?

The majority of executives surveyed knew the critical components necessary for IT security:

  • Prevention, which includes developing a strategy as well as technology and training to mitigate threats
  • Detection, which involves real-time systems and processes that monitor and detect intrusions
  • Response, which requires forensic analysis of the breach and a prewritten plan for handling the breach
  • Remediation, which includes quickly addressing the situation and closing security gaps

While executives understand the security components, they showed a range of expectations when it came to the likelihood of a breach affecting their companies. Fifty-one percent believed their company had a 1-4 chance of being breached. Of the remaining 49 percent, 5 percent said their company had already experienced a breach, 8 percent considered a breach inevitable and 6 percent said there was no possibility of a breach affecting their company.

When it comes to IT infrastructure risks, 57 percent of the C-suite said employee mobile devices are the riskiest IT area. Meanwhile, 54 percent considered social media, surfing the internet and checking personal email at the office to be risky. Other major areas of risk were enterprise mobile applications (47 percent), cloud-based applications (47 percent) and vendor/partner system integration points (42 percent).

Who Are the Hackers?

While the survey showed that many top executives are aware of device risk, they aren’t up to date on who is hacking. Seventy percent of C-level executives perceived an individual working alone to be the top perpetrator of cybercrime. The second and third threats identified were organized crime groups and industry competitors.

Shirley S. Savage is a Maine-based freelance writer. Shirley can be reached at
