The disconnect between perceived and actual risk is astounding. Most CEOs and CIOs contend their cyber-security programmes are effective, yet the number of security incidents is rising significantly.
The solution starts at the top, with clear policies that are communicated right down through the organisation. But those policies also have to take account of user behaviours and changing technology, such as the Bring Your Own Device phenomenon, explains Keith Barker.