Yesterday, Carnegie Mellon CyLab, in conjunction with RSA, issued the Governance of Enterprise Security: CyLab 2012 Report. This report surveyed boards of directors and senior management executives to determine how they are managing privacy and cyber security within their organizations. 75 percent of the respondents were from the critical infrastructure industry, and the energy and utilities sectors indicated that nearly 80 percent of their executives do not review insurance for cyber security risks.
Brian Prince, contributing writer for SecurityWeek, decided to dive deeper into these findings and reached out to Industrial Defender for insight and analysis. When it comes to protection of critical infrastructures, Industrial Defender executives were ready and willing to offer a breakdown analysis. According to Jacob Kitchel, senior manager of security and compliance:
“Often times, people just imagine that organizations have the adequate resources to fully address critical infrastructure security and privacy issues. What we typically see is that the majority of large enterprise organizations have the appropriate resources to address these issues, while the smaller organizations are struggling to juggle security, compliance and change management responsibilities.”
Kim Legelis, vice president of Industrial Defender, added, “By looking at the security risk and governance practices of specific industry sectors, the CyLab report highlights that those who protect the money are better at managing cyber risk from the executive level, while boards of energy and utilities sectors lag seriously behind.”
The findings of this report are staggering, but they are a good reminder to increase awareness of cyber security risks and take the necessary steps to improve critical infrastructure protection.
Interested in learning more about the stats and findings of the CyLab report? Check out Brian Prince’s full article here: Senior Corporate Execs Failing in Cyber Risk Management, Survey.