As organizations embrace digital transformation initiatives, business outcomes become inexorably linked to technology areas like application development, cloud computing, and IoT devices. Therefore, these technology assets must be protected to ensure continuity of business operations. The link between cybersecurity and the business has led to an industry declaration that, “Cybersecurity is a boardroom issue.” This statement is true yet simplistic. Executives and corporate directors have a fiduciary responsibility to shareholders and/or owners, so they are ultimately responsible for everything that drives the business, including managing cyber-risk and safeguarding business-critical technology assets. That said, cybersecurity can be a highly technical discipline. This brings up a few questions: Do executives really understand cybersecurity and its role in the business? And as technology further dominates the business landscape, are they investing appropriately in cybersecurity and driving a cybersecurity culture throughout their organizations?
To explore the answers to these and other questions, ESG surveyed 365 senior business, cybersecurity, and IT professionals at organizations in North America (US and Canada) and Western Europe (UK, France, and Germany) working at midmarket (i.e., 100 to 999 employees) and enterprise-class (i.e., more than 1,000 employees) organizations