Corporate boards and business executives in Asia are more concerned with security governance than their counterparts in other regions. The 2012 Governance Report from Carnegie Mellon CyLabs reveals that 76% of companies in Asia have a board committee to oversee and manage security risks in privacy and governance. This tops their counterparts in Europe (41%) and North America (35%).
The study was done in cooperation with EMC Security Division and RSA, and it offers a detailed analysis of how corporate boards and senior executives manage cyber risks, IT risks and enterprise risk across geographical boundaries and industrial sectors. The respondents were 108 senior executive-level participants from Forbes Global 2000 corporations.
As expected, the financial industry has better practices than any other sector, with cyber risk management as the major highlight. Meanwhile, the energy, utilities and industrial sectors have shown a lack of attention to vendor management, computer and information security, and tech operations. These figures are concerning: 79% of energy/utility companies and 77% of IT/telecom corporations did not review cyber-insurance coverage, compared with 52% in the financial sector and 44% in the industrial sector.
The report also points to a lack of focus on "critical activities," such as reviewing cyber-insurance coverage, assigning key privacy and security responsibilities, and receiving periodic reports on cyber risks and incidents.
But Asia's top executives prefer to have security and privacy roles combined. At 82%, this is considerably higher than Europe's 48% and North America's 44%.
The study has likewise determined that Asian firms are less concerned with the top governance positions of Chief Privacy Officer (CPO) and Chief Information Security Officer (CISO). Five percent of Asian corporations give importance to the CPO, far behind North America's 23%. Meanwhile, 52% give importance to the CISO, close to North America's 58% but well behind Europe's 72%.
The study shows that Asian corporations are one step ahead of North American and European organizations in being proactive with best practices related to privacy and security governance. Lastly, we can see several recommendations on how to improve enterprise governance here.
January 10, 2012
January 12, 2012
January 20, 2010