THE RISKS
CYBERSECURITY KNOWLEDGE AND CAPABILITY
Denition:
Percentage who gave a rating of 6 or 7 on a scale of 1 to 7
The growing sophistication and variety of cyberattacks continue to wreak havoc on organizations’ brands and epu r tations,oftenesu r ltingindisastousr financialimpacts. Thisriskexamineswhethergan or izationsaresufficiently prepared to manage cyber threats that could cause disruption and reputational harm.
Analysis: Nearly every member of executive management sees Cybersecurity as being highly relevant to their gan or ization.Hwever,personalknowledgeofthishighly impactful risk remains particularly low amongst all players, particularlyCEs.Thislowevelofknowledgelikelystems fromtheever-evolvingnateur ofcybereat thr s.Overall,a low percentage of respondents across all groups rated the capability of their organizations to manage Cybersecurity as high. In particular, few board members perceive their organization as being highly capable of managing Cybersecurity.
RISK STAGE
Quotes: “Cybersecurity risk is an ever-evolving risk. The architecture and planning processes that have been used to deal with [cybersecurity] have become more complex as technology has become more prevalent.” –Board, Finance “As we have witnessed with the pipeline hack this year, these cybersecurity attacks can have a huge trickle-down effect. All industries are susceptible to cybersecurity risk to some extent.” –Board, Manufacturing Remained in Develop
RISK RELEVANCE Percentage who gave a rating of 6 or 7 on a scale of 1 to 7 – Cybersecurity
77%
87%
97%
C-suite
Board
CAE
www.theiia.org 30
