Security teams and C-suite exec views not aligned
There are key differences and potential challenges when it comes to security teams and C-suite executives communicating and aligning about cyber threats, a study shows.
While 96% of cyber security professionals are confident that their companies’ security planning is in line with the organisation’s risks, only 73% of the C-suite believe this to be the case.
This is one of the main findings of a poll of more than 300 C-suite executives and security pros in the UK, France, Germany and the US by security firm Varonis, suggesting there is more communication and teamwork to be done.
While corporate executives share the same concerns as their security teams, with both groups citing data loss and data theft as the top cyber security concerns for their organisations, the two groups differed when it came to their third main concern.
Security pros focused on ransomware, with 30% naming it as a top concern, but executives are more concerned with risks stemming from data alteration or manipulation, with 32% citing it as a top concern.
When asked what type of data they were most concerned with protecting, both groups prioritised customer or patient data and intellectual property. However, the executives named protecting employee data as their third biggest concern, while financial data was the third biggest data worry for security pros.
When asked which business issues were affected by cyber security, both groups listed the same top three concerns, but in a different order. Security pros cited brand perception as their top business issue, followed by intellectual property (IP) loss and costs associated with breaches, while the execs named costs associated with security breaches, such as recovery costs and fines, as their top business issue, followed by brand perception and IP loss.
Further underlining differences in perceptions, 94% of cyber security experts said they believe their company’s leadership teams act on their advice, but only 76% of the C-suite said they take input from their security staff on cyber security threats. This suggests that security teams and IT pros could benefit from more face time, if not a seat at the executive table, the Varonis report said.
Similarly, only 69% of executives agreed that their organisation is making headway in improving their cyber security stance, compared with 91% of security pros. With high-profile breaches hitting some of the largest companies around the world, executives may be more likely to feel they are making no real progress, the report said.
When asked if they could quantify how their cyber security measures affected their business, only 68% of the executive group agreed, compared with 88% of security pros. This suggests that executives need more information on how their cyber security investment and efforts are making a quantifiable impact on their company’s bottom line, the report said.
The findings of the Varonis poll suggest that security pros need to step up and improve communications with the C-suite to ensure a better understanding of cyber security threats, risks and mitigations.