October 4, 2019

Cloud access security broker Bitglass has published a report that suggests some of the world’s largest companies perhaps aren’t as committed to cybersecurity as they should be.

Bitglass researched Fortune 500 companies, looking at public-facing information like websites to discover “whether the world’s leading companies are committed to enhancing their cybersecurity initiatives.”

It found that 77% of Fortune 500 companies don’t list who is responsible for cybersecurity on their websites. And 52% offer no explanation, other than standard privacy notices, of how they are protecting the data privacy of their customers. Bitglass says:

“The results demonstrate that most organisations lack an authentic, lasting commitment to cybersecurity, with certain industries being less security-conscious than others.”

In other key findings, Bitglass believes that 38% of Fortune 500 companies do not have a chief information security officer (CISO), and of this 38%, only 16% cite someone else as responsible for cybersecurity strategy. It says that of the 62% that do have a CISO, only 4% have them listed on their websites. Bitglass adds:

“As breaches continue to cost brands millions, incite executive turnover, decrease stock prices, and harm countless stakeholders, it is crucial that organisations appoint relevant leadership and prioritise proper cybersecurity.”

Cybersecurity conscientiousness varies from industry to industry

Bitglass found the transportation, aerospace, and insurance industries appeared to be more security conscious, as they were more likely to list a person responsible for cybersecurity strategy. Further:

“89% of organisations in the aerospace industry have information available on their websites about how they are protecting the data of customers and partners. Aerospace is followed by finance (72%) and technology (66%).”

Those appearing worst at cybersecurity, or at least at publicly demonstrating their commitment to it, are the hospitality, manufacturing, oil and gas, and telecommunications industries.

Anurag Kahol, Chief Technology Officer at Bitglass, says:

“Corporate social responsibility initiatives have made it onto the websites of the Fortune 500, but research has shown that the same level of importance is not being given to publicly demonstrating commitment to cybersecurity initiatives.”

More action, less demonstration?

To play devil’s advocate here a little, the information for this report seems to have been gained mainly from what Fortune 500 companies publish on their websites. It could be that these companies are far better at cybersecurity than they are publicly telling us. There’s a hint of that in the number of companies that do have a CISO but don’t list them on their websites. Not every company keeps its website up to date, though you might expect that a Fortune 500 company would.

So, let’s hope many of these companies are far better at cybersecurity than they lead us to believe, especially those in the telecommunications industry, where you would perhaps expect companies to be closer to the leading edge of the fight against cybercrime.

We should be shouting about cybersecurity

A definite takeaway from this report is that Fortune 500 companies and others should be telling their customers and partners far more visibly about their cybersecurity strategy.

Consumers are increasingly aware of the risk to their data or services from cybercrime and now expect businesses to deploy cybersecurity protection and practices to protect that data. Consumers today are far more likely to spend their money with a company they trust.

Those Fortune 500 companies that appear to fall down on their cybersecurity commitments, but perhaps don’t in reality, are doing themselves no favours at all.

For companies smaller than the world’s Fortune 500, there is a message. Firstly, if you have cybersecurity protocols, training, and responsible executives in place, you could be doing better than some of the globe’s biggest companies. Secondly, if you tell your customers about your commitment to their data privacy and cyber safety by publishing on your website who is responsible for cybersecurity, as well as a little of your strategy to protect consumers, you could gain a little competitive advantage.
