Business leaders don't understand cybersecurity
A new survey from Delinea of over 2,000 IT security decision makers (ITSDMs) reveals that only 39 percent of respondents think their company's leadership has a sound understanding of cybersecurity's role as a business enabler.
In addition, over a third (36 percent) believe that cybersecurity is considered important only in terms of compliance and regulatory demands, while 17 percent say it isn't seen as a business priority.
This disconnect between business and security goals appears to have caused at least one negative consequence to 89 percent of respondents' organizations, with more than a quarter (26 percent) also reporting it resulted in an increased number of successful cyberattacks at their company.
Misaligned goals on cybersecurity have contributed to delays in investments (35 percent), delays in strategic decision making (34 percent), and unnecessary increases in spending (27 percent). There are also consequences for individuals, with 31 percent of respondents reporting an impact on the whole security team in terms of stress.
"Cyber security can be a huge business enabler, but this research reflects that there is still some work to do at the board level in shifting mindsets. Executive leaders need to think of cybersecurity not only in terms of ticking the compliance box or protecting the company, but also in terms of the value it can deliver at a more strategic level," says Joseph Carson, chief security scientist and advisory CISO at Delinea.
While 62 percent of security meet regularly with their business counterparts at the highest level, there's still room for improvement. Only 48 percent of organizations are documenting policies and procedures to facilitate alignment, and 33 percent of all respondents report that alignment is ad hoc and only ‘happens when needed.’
Interestingly, 31 percent of ITSDMs believe that making the business case to their board and C-suite is a gap in their own skillset, while communication skills are recognized as an area for improvement by 30 percent of respondents.
"Alignment between cybersecurity and business goals is essential for success. This research clearly highlights the negative consequences when teams’ objectives aren’t fully in sync. Ensuring common agreement across business functions is vital and there is a real value in metrics that not only measure security activity, but which also demonstrate the impact on business outcomes," Carson adds. "Communication is key, and while strong technical skills are still important, security leaders need the ability to communicate, influence and present the value they add to business outcomes more frequently than ever. Security leaders that demonstrate this mix of skills, and that have the same end goal in sight as the business, are a force to be reckoned with."
The full report is available on the Delinea site.