Board-business dynamic is contributing to cyber risk: EY
The survey finds just 21% of Canadian boards understand how to fully evaluate cybersecurity risks
TORONTO — A disconnect between cybersecurity efforts and business functions is putting more Canadian companies at risk, according to an EY study. The advisory firm says information gaps leave leaders with a limited understanding of potential threats and how to mitigate exposure.
The 2020 EY Global Information Security Survey finds 34% of companies have yet to fully articulate their cybersecurity risk, compared to 16% of global peers.
“With more businesses moving — and potentially staying — online or working remotely, organizations are increasingly vulnerable to cyber attacks,” says Yogen Appalraju, EY Canada’s cybersecurity leader. “Bridging the divide between the security function, lines of business and the board can be an enabler to proactively address heightened risks and help advance digital transformation.”
The survey finds just 21% of Canadian boards understand how to fully evaluate cybersecurity risks, compared to 48% globally. Meanwhile, 43% are unable to quantify cybersecurity effectiveness in financial terms, compared to 24% of global respondents.
“Cybersecurity teams must learn to speak the board’s language to better communicate the severity and business impact of different risks,” says Appalraju. “Increased education and engagement among this group should trickle down into the business to drive awareness, while helping to secure the buy-in for funding and resources needed to address growing threats.”
The survey finds that cybersecurity teams need to develop better alliances across all business functions of the organization. Currently, only 10% of survey respondents say there’s a high level of trust and consultation between cybersecurity teams and the broader business.
EY says cybersecurity needs to be present at the development stage of any product, service or initiative as businesses look to make greater digital investments to support an online transition in this new environment.