As organizations embrace digital transformation initiatives, business outcomes become
inexorably linked to technology areas like application development, cloud computing, and IoT
devices. Therefore, these technology assets must be protected to ensure continuity of business
operations. The link between cybersecurity and the business has led to an industry declaration
that, “Cybersecurity is a boardroom issue.” This statement is true yet simplistic. Executives
and corporate directors have a fiduciary responsibility to shareholders and/or owners, so they
are ultimately responsible for everything that drives the business, including managing cyberrisk
and safeguarding business-critical technology assets. That said, cybersecurity can be a
highly technical discipline. This brings up a few questions: Do executives really understand
cybersecurity and its role in the business? And as technology further dominates the business
landscape, are they investing appropriately in cybersecurity and driving a cybersecurity culture
throughout their organizations?
To explore the answers to these and other questions, ESG surveyed 365 senior business,
cybersecurity, and IT professionals at organizations in North America (US and Canada) and
Western Europe (UK, France, and Germany) working at midmarket (i.e., 100 to 999 employees)
and enterprise-class (i.e., more than 1,000 employees) organizations.