Cybersecurity is not top priority for enterprises say CISOs
Chief information security officers (CISOs) are regularly being summoned by the board of directors to provide recommendations for the business, but this doesn’t mean cybersecurity is being prioritized.
A new study of over 300 cybersecurity executives by 451 Research for Kaspersky finds 60 percent of respondents say business leaders need input from their CISO most often when an internal cybersecurity incident happens, while 57 percent schedule meetings with the board on a regular basis, and 56 percent are requested to provide their expert opinions on future IT projects.
But despite their profile and value to the board, CISOs still face difficulties when it comes to justifying necessary spending on IT security. Often their expenses come from the broader IT budget, and 43 percent of those surveyed feel that they are in direct competition with other business and IT initiatives, making it one of the top three challenges they face in making the case for essential information security investment.
"As the study shows, boards of directors now understand that cybersecurity is an important part of business success," says Veniamin Levtsov, VP of corporate business at Kaspersky. "Nevertheless, there's still a challenge for CISOs to be able to convert this understanding into actual support. Speaking business language instead of using technical jargon, focusing on how to solve problems and bringing in third-party expertise to justify meaningful measures are all key components to win over directors."
Kaspersky suggests CISOs need to speak in a language that top management understands. Executives rarely have a security or technical background, so try to avoid IT jargon and refer instead to specific business benefits and opportunities when speaking about security measures.
More information is available on the Kaspersky blog.