Short link: https://wp.me/paaccn-qm3
A Kaspersky study has revealed that every third C-level executive (37%) struggles to speak about adopting new security solutions with their IT or IT security colleagues. The latter, however, feels increasing the budget for cyber security is the toughest topic to discuss with non-IT management.
According to the poll majority of the IT workers say that the main reason their cyber security budget was lowered was that top management sees no reason to invest much in this sphere. Kaspersky conducted a special survey to explore if this situation might be a result of unclear communication between IT security staff and executives, and to discover whether there is a lack of mutual understanding between these two corporate tribes.
The study reveals that, while more than half of top managers in SEA (60%) think IT security employees should better communicate cyber risks to business, only 6% of cybersecurity workers from the region admit they have some difficulties explaining any aspect of their work to non-IT colleagues and executives.
“There is a clear communications gap between enterprises’ decision makers – non-IT C-level executives – and the technical security team responsible for the company’s cybersecurity posture. It is worrying because the same study showed miscommunications between the two groups have negative impacts like serious delays in projects (67%), one or more cybersecurity incidents (66%), and budget wastage (60%),” comments Chris Connell, managing director for Asia Pacific at Kaspersky.
IT and non-IT workers in SEA also differ on the most complicated topics to debate. C-level executives’ three toughest subjects to talk about with IT staff are: adopting new security solutions (37%), compliance with security regulations (37%) and changes to the cybersecurity policy (33%).
For IT workers the top-3 toughest themes to discuss with non-IT executives are the need to increase the IT security budget (55%), expanding the IT security team (54%), and raising cybersecurity awareness among employees (52%).
On the subject of finding common ground, the majority of respondents from SEA agree that the most efficient ways to facilitate discussions about IT-security issues are to choose real life examples and to use reports and numbers. Besides these topics C-level executives here also said that citing references to authoritative opinions (49%) would allow them to best understand their IT-security staff. The IT teams, on the other hand, believe threat stories (52%) will help them to better communicate with executives.
“It can be assumed that non-IT executives struggle to discuss the adoption of new cybersecurity solutions because of the abundance of complex technical terms and concepts often used by IT security staff. The latter, however, don’t like to speak about increasing budgets since C-level executives expect them to use business metrics to justify their needs,” says Ivan Vassunov, VP, Corporate Products, Kaspersky.
“Today, in a difficult economic environment and complicated threat landscape, mutual understanding between business and IT security people is more important for business continuity than ever before. To avoid additional cybersecurity risks it is crucial that both teams know how to speak a common language based on numbers, reliable references and understandable arguments.”
To make the communication between IT security and business functions within the company more transparent, Kaspersky recommends the following:
- Allocate cybersecurity investments into tools with proven efficacy and present new security concepts (including SASE, XDR and Zero Trust) to the board as investment projects or even business cases with calculated ROI. For example, in the cases of XDR (Extended Detection and Response) and SASE (Secure Access Service Edge) implementation, it is important to communicate that these technologies allow the burden on the IT security team to be reduced, while simultaneously improving company’s cybersecurity posture due to centralization and automation of processes.
- Use resources, such as the IT Security Calculator and reports based on experts’ observations containing structured information about the threats and security measures most relevant to your particular industry and company size to verify the probability of risks and the protective measures needed.
- Acquire additional knowledge to better understand professionals from other spheres. While business basics can be gained from training courses, non-IT executives have an opportunity to walk in a CISO’s shoes to gain insights into the most relevant IT security challenges.
The full report and more insights on communications issues between C-level and IT security managers are available via the link.
This report is based on two surveys of IT / IT-security and non-IT respondents.
The research among Non-IT or IT security workers was conducted by a Censuswide research consultancy commissioned by Kaspersky. The quantitative online research was undertaken amongst top management and C-level who discuss security-related issues with IT or IT-security managers at least once a year. Researchers interviewed 2,300 employees, 300 from Southeast Asia, from global businesses with more than 50 employees, and with representation across 25 countries. Respondents were questioned on their organization’s perceived IT readiness, communication between IT staff and non-IT executives, and consequences resulting from miscommunication.
The other poll was conducted amongst 4,132 IT workers as a part of Kaspersky’s global Corporate IT Security Risks Survey (ITSRS). The interviews took place in businesses with more than 50 employees and were conducted across 25 countries. A total of 254 IT oIT security managers from Southeast Asia were surveyed. (✓)
Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 240,000 corporate clients protect what matters most to them. Learn more at http://www.kaspersky.com