One-in-four cyber professionals “facing pressures over breach disclosures”

Surveying upwards of 50 UK Chief Information Officers, security analysts and IT professionals, Kocho’s study findings reveal that, while 92% of respondents think their Boardrooms understand the day-to-day realities of cyber security, it’s different when a breach occurs.

Despite efforts to improve information sharing and collective industry resilience, one-fifth (20%) of survey respondents disclosed that there remains a culture of blame around breaches. In fact, despite incidents being a shared and sector-wide threat, 14% of professionals revealed they were held personally responsible in their organisations.

When an organisation does suffer a breach, more than four-in-ten (45%) respondents suggested that a more measured response from their Board would make the handling of a breach both easier and faster.

In the UK, the General Data Protection Regulation requires organisations to notify the relevant supervisory authority within 72 hours of discovering a breach involving personal data. Seriously affected individuals should be contacted “without undue delay”. Failures to issue a notification can potentially result in an £8.7 million fine or 2% of global turnover.

Tensions with the top team

The survey has also uncovered some of the tensions between security teams and senior executives. Nearly three-quarters of cyber and IT professionals (73%) say that managing the expectations and pressures from the C-Suite is demanding.

In those organisations with between 100 and 250 employees, the figure rises to 81%, duly reflecting the pressure placed on smaller teams. More than half of respondents (52%) said their Board (or customers) had asked them for assurances about cyber security that they could not give.

Despite generally good relations with their managers, almost four-in-ten (39%) respondents believe clearer support and recognition from their senior leadership would alleviate the stress that’s common among cyber security and IT teams, particularly so as attacks become more common.

There are also signs that some senior leadership teams are too disengaged, with 28% of cyber professionals stating clear executive backing for cyber security priorities would help them feel far more positive about their current role.

Culture of openness 

Hannah Birch, CEO at Kocho, said: “As an industry, we must move away from viewing every cyber breach as a sign of organisational or reputational failure. Today’s threats target entire sectors, supply chains and ecosystems, not just individual businesses, with similar techniques often used against multiple organisations in quick succession.”

Birch added: “A breach should not automatically be seen as evidence of negligence, but rather the result of a co-ordinated and well‑resourced criminal campaign. What we need is a culture of openness whereby leaders can share insights and experiences.”

*Further information is available online at www.kocho.co.uk