US IT professionals less confident in board level cybersecurity literacy than UK counterparts

Tripwire has published the results of a study conducted by Dimensional Research on the cybersecurity literacy challenges faced by organizations. The study, carried out in May 2015, evaluated cybersecurity risk decision-making and communication between IT security professionals, executive teams and boards. Study respondents included 200 IT security professionals at U.S. companies with annual revenues of more than $5 billion, and 151 IT professionals from U.K. organizations with annual revenues over £500 million.

  • 9 years ago Posted in

Key findings include:

IT professionals in the U.K. (71 percent) were more likely to consider their corporate board to be cybersecurity literate than their U.S. counterparts (57 percent).
71 percent of the U.K. respondents said their company's corporate board had a member responsible for cybersecurity, only half (50 percent) of U.S. IT professionals said this was true for their organization.


Nearly a third (32 percent) of U.S. respondents believed the information presented to the board did not accurately represent the urgency and intensity of the cyberthreats targeting their organization. Only 13 percent of U.K. IT professionals answered similarly.

“Cybersecurity is definitely a boardroom issue, and I’m encouraged that more organizations are engaging on this topic,” said Dwayne Melancon, chief technology officer for Tripwire. “However, engaging and doing so effectively are two different things.”


When asked which major security event had the biggest impact on their board’s cybersecurity awareness, 34 percent of U.K. respondents said an internal security breach at their organization. However, 74 percent of U.S. respondents said high-profile external breaches, such as Sony Pictures, Target and the Snowden leaks, had the most impact.


Melancon continued, “From my experience, I believe some of the respondents may be overly optimistic about the cybersecurity literacy of their boards, which could be a challenge. Fortunately, a good number of organizations recognize that their current approach to depicting cybersecurity status falls short of their goal of creating an appropriate sense of urgency within their executive ranks.”

Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Atos has launched Atos OneCloud Sovereign Shield, a set of solutions, methodologies, and...
New distribution agreement set to bolster Westcon-Comstor’s Zero Trust offering in more markets...
Research from Avast has found that employees in almost a third (31%) of Small and Medium...
This year, over half of MSPs or their end customers have been attacked by ransomware but only 53%...
Trend Micro has published new research revealing that 90% of IT decision makers claim their...
Cyber consultants call on businesses to act now, or risk budgets shrinking further in ‘real...