HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Almost Half of IT Decision Makers Say Cybersecurity Still Not a Priority for Board Members

Fortinet has published the results of its Global Enterprise Security Survey. The report indicates board members are still not taking sufficient interest in cybersecurity, even with the high volume of cyberattacks that are now being reported.

The survey covered 1,801 IT decision makers with responsibility for, or visibility of, IT security. The global survey was conducted in 16 countries, including the United States, Canada, Germany, France, Australia, India, and the UK.

48% of respondents said they did not believe cybersecurity was a top priority up for discussion by the board, with 77% of respondents believing the board should be scrutinizing IT security much more carefully. IT security is now viewed as a strategic board decision rather than simply an IT investment and a matter for the IT department to deal with.

The need for board involvement has been highlighted by the rapid rise in cyberattacks in recent years. 85% of businesses have experienced a security breach in the past two years. The most common attacks involved malware and ransomware. Malware/ransomware attacks had been experienced by 47% of respondents.

When cyberattacks are experienced, there is an increased focus on IT security by the board, but that focus should take place before a breach is experienced. That said, the global ransomware attacks involving WannaCry did provoke a board response, with 49% of respondents saying there was an increased focus on IT security after those attacks. It is not clear how many of those 49% of organizations were affected by WannaCry.

Even though the C-Suite is not particularly focused on cybersecurity, that does not appear to have adversely affected IT budgets too severely. 60% of respondents said they currently devote 10% or more of their IT budgets to cybersecurity and 71% said their IT security budget has increased since last year.

Cybersecurity is becoming more of a board issue due to increased regulation, in particular the deadline for GDPR compliance in May 2018. 34% of respondents said increased regulation is an important driver of board awareness of cybersecurity.

Organizations are also increasingly looking to the cloud. Transitioning to the cloud as part of the digital transformation of organizations is now becoming a key priority for the board, and along with it, cloud security. 74% of respondents said cloud security is a growing priority, 77% said cloud security is a priority for the board, and 50% reported increased investment in cloud security is planned for the next 12 months.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.