The new Bitglass report is titled “The Cloudfathers: An Analysis of Cybersecurity in the Fortune 500“, and it finds that 77 percent of the Fortune 500 companies make no indication on their websites about who is responsible for their security strategy. Additionally, 52 percent of big businesses do not have any statements on their websites about how they protect the data of customers and partners, beyond a legally required privacy notice, the vast majority of which exceed the college reading level.
While not necessarily an indicator of the steps these companies are taking to strengthen cybersecurity internally, choosing not to communicate a dedication to the security of customer data and privacy on their websites or indicate an executive responsible for ensuring the protection of sensitive data is telling.
The report also found that 38 percent of the 2019 Fortune 500 do not have a chief information security officer (CISO). Such a role, in contrast, is seen as vital by those firms that have the position in place. A CISO is the senior-level executive within an organization responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected. Even those companies that have the post filled, the profile is not especially high. Of the 62 percent that do have a CISO, only 4 percent have the person in post listed on their company leadership pages.
Of the 38 percent without a CISO, only 16 percent have another executive that is listed as responsible for cybersecurity strategy, such as a vice president of security.
The report also indicates a mixed approach to data protection and data privacy with F500 firms. Within key industries like construction, oil and gas, and hospitality industries, as an example, only 25 percent of organizations have information on their websites about how they protect customer and partner data.
Commenting on the findings, Anurag Kahol, chief technology officer of Bitglass states: “Corporate social responsibility initiatives have made it onto the websites of the Fortune 500, but research has shown that the same level of importance is not being given to publicly demonstrating commitment to cybersecurity initiatives.”
This needs to change, according to Kahol: “Members of the Fortune 500 should be focused just as much on protecting personal data and consumer privacy as they are on other areas of social responsibility.”
