Following a number of different research projects that we’ve undertaken here at Nominet, we know only too well the struggle felt between security teams and wider business stakeholders. Most recently we looked into cyber confidence, where we found that despite more than a third of CISOs not feeling moderately or very confident with the final choice of security solutions, 71% said that the business was touting its cyber robustness to partners and customers.
Clearly there is a disconnect between CISOs and the wider business on what constitutes a cyber strategy in which to be confident.
Arguably, this could come down to a lack of cyber knowledge. In another research project earlier this year, in which we surveyed C-suite members, 71% conceded that the board had gaps in knowledge when it comes to the main cyber threats. Also, interestingly, two thirds claimed that it was unlikely that a data breach would be reported to the board.
This is particularly worrying when you take a look at NCSC guidance around board responsibility for cyber. The NCSC says that cyber being so critical to ensuring that organizations can exploit the opportunities that technology brings ‘places it firmly within the responsibility of the Board’.
It is fundamental that those leading the business know where to focus when it comes to cyber. Below is a handy toolkit put together by the NCSC to help boards facilitate those essential conversations with security teams to ensure risk is minimized and cyber defense maximized.
Data breaches will continue to hit the headlines, and discussion around what constitutes good security will also evolve. At Nominet, we believe tapping into the ubiquity of DNS for effective network detection and response to be fundamental in a holistic defense that can respond and block threats quickly.