The Cloudfathers report found that 77% of the Fortune 500 give no indication on their websites of who is responsible for their security strategy. Additionally, 52% do not have any language on their websites about how they protect the data of customers and partners (beyond a legally required privacy notice). The results demonstrate that most organisations lack an authentic, lasting commitment to cybersecurity, with certain industries being less security-conscious than others. As breaches continue to cost brands millions, incite executive turnover, decrease stock prices, and harm countless stakeholders, it is crucial that organisations appoint relevant leadership and prioritise proper cybersecurity.
Other Key Findings:
Most Security-Conscious Industries in the Fortune 500:
Least Security-Conscious Industries in the Fortune 500:
● No hospitality companies list an executive who is responsible for cybersecurity strategy. The manufacturing and telecommunications industries follow closely behind at 8% and 9%, respectively.
● Within each of the construction, oil and gas, and hospitality industries, only 25% of organisations have information on their websites about how they protect customer and partner data.
“Corporate social responsibility initiatives have made it onto the websites of the Fortune 500, but research has shown that the same level of importance is not being given to publicly demonstrating commitment to cybersecurity initiatives,” said Anurag Kahol, chief technology officer of Bitglass. “Lax security and its resulting breaches have long-term repercussions for organisations as well as their customers, shareholders, partners, and other stakeholders. Members of the Fortune 500 should be focused just as much on protecting personal data and consumer privacy as they are on other areas of social responsibility.”