sb-as logo
Story image

Are Fortune 500 companies failing at cyber security? 

New research has revealed the majority of the Fortune 500 are not prioritising proper cybersecurity protocols. 

Bitglass has released findings from its latest report, The Cloudfathers: An Analysis of Cybersecurity in the Fortune 500. To uncover whether the worlds leading companies are committed to enhancing their cybersecurity initiatives, Bitglass researched the members of the 2019 Fortune 500 and analysed public-facing information such as what is available on their websites.

The Cloudfathers report found that 77% of the Fortune 500 make no indication on their websites about who is responsible for their security strategy. Additionally, 52% do not have any language on their websites about how they protect the data of customers and partners (beyond a legally required privacy notice). 

According to Bitglass, the results demonstrate that most organisations lack an authentic, lasting commitment to cybersecurity, with certain industries being less security-conscious than others. 

As breaches continue to cost brands millions, incite executive turnover, decrease stock prices, and harm countless stakeholders, it is crucial that organisations appoint relevant leadership and prioritise proper cybersecurity, the company says.

The report found 38% of the 2019 Fortune 500 do not have a chief information security officer (CISO). Of this 38%, only 16% have another executive that is listed as responsible for cybersecurity strategy, such as a vice president of security. Of the 62% that do have a CISO, only 4% have them listed on their company leadership pages.

According to the research, the transportation industry is the most security-conscious vertical, with 57% of its companies listing an executive as responsible for cybersecurity strategy. The aerospace industry (33%) and the insurance industry (30%) come in second and third, respectively.

The report revealed 89% of organisations in the aerospace industry have information available on their websites about how they are protecting the data of customers and partners. Aerospace is followed by finance (72%) and technology (66%).

Meanwhile, no hospitality companies list an executive who is responsible for cybersecurity strategy, the report shows. The manufacturing and telecommunications industries follow closely behind at 8% and 9%, respectively.

Within each of the construction, oil and gas, and hospitality industries, only 25% of organisations have information on their websites about how they protect customer and partner data.

"Corporate social responsibility initiatives have made it onto the websites of the Fortune 500, but research has shown that the same level of importance is not being given to publicly demonstrating commitment to cybersecurity initiatives," explains Anurag Kahol, chief technology officer of Bitglass.

"Lax security and its resulting breaches have long-term repercussions for organisations as well as their customers, shareholders, partners, and other stakeholders," Kahol says. 

"Members of the Fortune 500 should be focused just as much on protecting personal data and consumer privacy as they are on other areas of social responsibility."

Story image
Experiencing ransomware significantly impacts cybersecurity approach
"The survey findings illustrate clearly the impact of these near-impossible demands. Among other things, those hit by ransomware were found to have severely undermined confidence in their own cyber threat awareness."More
Story image
NVIDIA backs the future of hardware-based zero trust security
Check Point’s Infinity NEXT architecture will support NVIDIA DPUs by providing zero trust security. More
Story image
Video: 10 Minute IT Jams - protecting data with user behaviour analytics
In this video, Forcepoint senior sales engineer and solutions architect Matthew Bant discusses the company's DLP solution, the importance of integrating compliance into security solutions, and why cybersecurity strategies should take a more people-based approach.More
Story image
Research: Younger cybersecurity pros more fearful of being replaced by AI
According to the findings, 53% of respondents under 45 years old either agreed or strongly agreed that AI and ML are a threat to their job security, despite 89% of this demographic believing that it would improve their jobs.More
Story image
Palo Alto Networks launches new SD-WAN solutions and enhancements
Palo Alto Networks has introduced two new SD-WAN appliances and enhancements to its next-generation SD-WAN solution, expanding the company’s CloudGenix SD-WAN solutions reach.More
Story image
Creating private data regulations for employees
Whether employees are hired on a part-time or full-time basis, everyone must know about data privacy regulations. Everyone needs to be responsible for keeping the organisation’s data secure. More