Almost half of the 2017 CIO 100 organisations have experienced a security breach within the last 12 months. CIOs are now integrating security training and awareness programmes to help protect their organisations against incoming threats.
Following the WannaCry cyberattack, which disrupted 61 NHS organisations in the UK and more than 200,000 systems worldwide, cybersecurity remains an ongoing issue for businesses today.
A cultural change should result in staff becoming aware of and responsive to security issues, while also improving their skill set and attitude when it comes to security. Read on to find out how eight 2017 CIO 100 members are raising awareness of security and the safety of their organisations.
"We have developed a new and more confident governance and assurance structure that takes a more objective approach to architecture and security. We have introduced FAIR [factor analysis of information risk] as a risk management and assessment methodology that allows a more balanced, less risk-averse approach. It has been used in assessing risks for both live systems and proposed changes and is allowing us to save time and effort later on.
"We are also covering key areas such as privacy, service and security by design and what that means so that expectations on how to deliver are managed."
Laura Dawson, CIO, British Council
"We are working to improve the group's information security position through training and awareness campaigns, and preparing for GDPR legislation due in May 2018, where we need to have significantly more insight into how personal data flows across our estate and how it is secured and protected in each of its states."
Darryn Warner, CIO, Interserve
"Security is a critical concern and we want this to be a key element of our culture. To this end, all our developers are trained in secure coding practices; we have 'MacGyvers' in all clusters: individuals with additional security training who are responsible for identifying and raising security concerns, as well as being a super-local centre of excellence for security skills."
Mark Holt, CTO, Trainline
"Barclays became the first global financial institution to focus on holistic security which redefines conventional approaches to cybersecurity and comprises cyber and physical security, as well as intelligence, investigations, and resilience.
"An integrated security function covers the business environment and allows more visibility into normal and abnormal activities. It adapts security strategy to the current digital environment in order to bring innovation to the next level in the safest way possible and promote the benefits of secure business to all our clients, employees, and stakeholders. 'Security by design' has become a core part of the processes at Barclays."
Elena Kvochko, CIO, Group Security Division, Barclays Bank