A recent survey of over 2000 IT security decision-makers has revealed that less than half (39%) believe their company’s leadership has a solid grasp on the role of cybersecurity in business success.
Published by privileged access management (PAM) solution provider Delinea earlier today, the report also suggests around a third (36%) of respondents believe cybersecurity is only considered important in terms of compliance and regulatory demands.
Further, the study reported that 89% of respondents’ organizations had suffered negative consequences following cybersecurity efforts, with more than a quarter (26%) also claiming that it resulted in an increased number of successful cyber-attacks at their company.
“Alignment between cybersecurity and business goals is essential for success,” said Joseph Carson, chief security scientist and advisory CISO at Delinea.
“Ensuring common agreement across business functions is vital, and there is a real value in metrics that not only measure security activity but which also demonstrate the impact on business outcomes.”
At the same time, Delinea also highlighted that a majority of security teams (62%) meet regularly with their business counterparts at the highest level. Still, almost a third (31%) of them believed that making the business case to their board and C-suite was a gap in their own skill set. Communication skills were consequently recognized as an area for improvement by 30% of survey participants.
“Communication is key, and while strong technical skills are still important, security leaders need the ability to communicate, influence and present the value they add to business outcomes more frequently than ever,” Carson added. “Security leaders that demonstrate this mix of skills, and that have the same end goal in sight as the business, are a force to be reckoned with.”
More generally, however, Carson believes that, while cybersecurity can be a huge business enabler, this research shows that there is still some work to do at the board level in shifting mindsets.
“Executive leaders need to think of cybersecurity not only in terms of ticking the compliance box or protecting the company but also in terms of the value it can deliver at a more strategic level.”
More information about how businesses can move beyond the reactive approach to cybersecurity is available in this analysis by Rick Hemsley, UK&I Government and Public Sector Cybersecurity Lead at EY.