ICT Professionals have bemoaned the absence of their ‘kind’ in corporate executive positions saying this is making many companies prone to cyber-attacks.
However a handful of Zimbabwean companies have placed these IT professionals at executive level.
“You know at executive level there are companies where a lawyer is acting, a doctor is acting. We should advocate that ICT professionals should be at executive level.
“I fought hard while working at Hwange (colliery Company Limited) to be in the executive board where I effected some crucial changes in the company with regards to ICTs.
It was also revealed boards lack real understanding of IT risks facing their companies.
Only 6percent of board directors and 3 percent of CEOs of leading companies have professional technology experience. More than two-fifths of companies have no board members with professional technology experience.
Cyber-risk oversight is becoming an increasingly dangerous job for corporate boards. As with the recent wannnacry attacks, more than 30 local companies and institutes were affected.
According to the attendees many directors may not be equipped with the knowledge and understanding they need to provide that oversight.
“You know IT personell should present their issues as a business case for the boards to them seriously,” said one participant.
Tongogara said when IT personnel are presenting their cases they should use layman’s language instead of too much jargon.
Lack of knowledge can create a disconnect between technology professionals and directors leading to the potential for breakdowns in IT risk management and cybersecurity.
The numbers and size of cyber security attacks are increasing and Australia is one of the world’s largest targets. The reasons are many and include a lack of direction and commitment to understanding information security at the strategic level.
This is troubling given the ultimate accountability and their lack off of board directors.
While most cyber professionals feel their organisations have the basics covered, a large majority think there is more to done and significantly more work to do.
Budget, security awareness and understanding of the real threat were the biggest factors holding back cyber approach.
The problem with this approach to ICT policies is that too little effort is being made to understand the value, control and cost of the information that an organisation holds.