Kaspersky research published today reveals that while the C-Suite considers the threat of cybersecurity attacks to be a greater risk to their businesses than the worsening economic environment, it is unable to prioritise action due to the jargon and confusing terminology used to describe threats
More than half of UK-based C-Suite executives surveyed (57%) believe the biggest risk facing their businesses are cybersecurity attacks, ahead of economic factors (30%), industrial action (29%) and natural disasters (26%). However a further 48% of British C-level security specialists stated that the language being used to describe these threats is the biggest barrier to their management team’s understanding of the most pressing cybersecurity issues
Kaspersky research into the language barriers that exist in cybersecurity finds that 48% of UK-based C-level security, compliance, and risk specialists believe that jargon and confusing industry terms are currently presenting the greatest hurdle to the C-Suite’s understanding of cybersecurity and, most importantly, what they should do about it.
What’s a… Malware?
To illustrate this point more vividly, 46% of all those surveyed stated that they found basic cybersecurity terms Malware and Supply Chain attacks to be confusing. Slightly more technical language used such as ‘Zero Day Exploits’ and ‘Suricata rules’ saw similar levels of confusion with respectively 45% and 48% of respondents claiming to not fully understand these terms.
“Acronyms, jargon, and idioms act as shorthand for those in the know, but often seem confusing for anyone without direct experience of working in cybersecurity. Our findings suggest that the inability from senior management within large organisations to truly understand the nature of the threats they’re constantly exposed to, means they are often not considered a boardroom priority,” explained Stuart Peters, GM, UK and Ireland at Kaspersky. “In other words, this paints a picture of high-powered C-Suite executives having to make timely, critical business decisions without a clear picture of their own unique threat landscape and the risk it poses to their organisation, preventing them to develop a culture of cybersecurity based on best-practices, knowledge-sharing, and ultimately actionable intelligence.”
No room for cybersecurity in the boardroom agenda
Nearly all (99%) C-Suite respondents are now aware of how often their businesses are being attacked by threat actors. Despite this awareness, 1 in 3 (33%) respondents stated that cybersecurity was only sometimes an agenda item during board meetings, compared with 61% saying that cybersecurity was always an agenda item.
The findings also suggest that the bigger the organisation, the greater the potential disconnect with overall cybersecurity awareness, nearly 1 in 5 (22%) C-Suite respondents in companies with 5000+ employees stating that cybersecurity is rarely an agenda item for their management or board meetings, compared to just under 2% of C-Suite in companies between 1000-1999 or 2000-2999 employees.
Methodology
Kaspersky ‘Separated by a common language: is the C-Suite able to truly decipher and act upon the real threat of cyberattacks?’ follows a total of 1,800 interviews with C-level decision-makers in large enterprises of 1,000 or more employees across 13 countries in Europe. The research saw respondents asked about cybersecurity within their organization, the measures taken to protect themselves, and the barriers they face as a management team.
To download a copy of the report, please visit: https://go.kaspersky.com/ti-separated-by-a-common-language.html
