Enterprises are failing to plan properly for supply chain risks and cybersecurity threats from the wider digital ecosystem, a leading technology consultancy has warned.
According to Tata Consultancy Services (TCS), firms put the risks posed by ecosystem partners at the bottom of a list of 10 key threats. CISOs and chief risk officers believed that financial systems, customer databases and R&D were the systems most likely to be targeted. Supply chain and distribution was placed in ninth.
The report, based on a survey of larger firms with annual revenues of $1bn or more, found that only 16% of chief risk officers believed the digital ecosystem was a concern when it comes to cyber risks, and only 14% said those ecosystems were a priority for board level discussions.
The research also found that a small number of enterprises fail to focus on cyber risk, with one in six boards discussing it only “occasionally, as necessary or never.” TCS found, though, that organizations with above-average profit and revenue growth were more likely to put cybersecurity on the agenda at board meetings.
TCS also found that enterprises view the cloud as a more secure environment than conventional data centers and on-premises systems. Additionally, the research highlighted ongoing concerns about skills and the need to attract and retain talented security staff. Firms where senior leaders focus on cybersecurity are more likely to be able to close the skills gap, according to the study.
“Demonstrating a serious commitment to cybersecurity by sustained attention from senior leadership, funding and process changes will be vital to recruiting and retaining top talent,” said Bob Scalise, managing partner, risk and cyber strategy at TCS. The report found that it took 21% longer to fill a cybersecurity post than other roles in IT and that 44% of companies found it hard to attract “top talent;” 42% found it hard to retain those with cyber risk and security skills.
“The skills gap in the cyber security industry is showing no sign of closing,” said Piers Wilson, director of the Chartered Institute of Information Security.
“The research highlights that recruiting and retaining talent is still a major problem. If the industry has any chance of closing the gap, it needs to put people at the core. This means encouraging greater diversity of people into the industry, and ensuring those already in it have long and fulfilling careers.”