East African CEOs underestimate cyber security level

Posted on March 12, 2013 07:52 pm

A study of information security shows that executives in East African countries of Uganda, Rwanda, Kenya, Tanzania and Burundi are confident of the cyber security levels of their own companies thus increasing the risk for cyber crime. In the survey, 83% of executives were confident of their organization’s information security precautions. Another 62% even viewed their organization as a leader having an effective strategy in place and being proactive in implementing industry-leading standards in information security strategy and execution. The survey found that only 12% actually qualified as true information security leaders. Those defined as “leaders” of companies in East Africa are the ones that have a chief information security officer or equivalent in place and have an overall information security strategy.

The same companies also have measured and reviewed the effectiveness of their security in the last year and understand exactly what types of security events have occurred. The rise in regional security violations, diminished budgets and degrading security projects were key challenges that have left many businesses around the member states of East African region facing security risks that are neither well understood nor consistently addressed. The reality is that many top executives are over-confident about the strength of their information security effectiveness. That has left businesses open to fraud and reduces their attractiveness to potential clients as the number of IT security incidents increases. The survey also found that fewer than half of the respondents roughly 38% expect an increase in their information security budgets this year, mainly due to economic conditions. Most companies in the region have started feeling the pinch in tough economic times although cyber crooks don’t take holidays.

In my opinion, there is no doubt tying budgets too closely to the economy is a risky way to set security priorities as mobile devices, social media and the cloud become commonplace both inside enterprise and out, the study found that the adoption of technology is moving faster than security in the five countries of East Africa. According to the study, consumers use a mobile device for both personal and work purposes and less that half of companies have a security strategy to address personal devices in the workplace, and just slightly over thirty per cent have malware protection for mobile devices. The East African region must realize that security models of the past decade are no longer sufficient. Businesses around East Africa should see information security as a valuable investment that protects both the business reputation and their bottom line.

Contador Harrison