A recent survey of more than 2000 IT security decision makers found that less than half (39 %).
The report, released today by privileged access management (PAM) solution provider Delinea, found that nearly one-third (36%) of respondents believe cybersecurity is only important from the perspective of compliance and regulatory requirements. It also suggests that
Additionally, the survey found that 89% of respondents’ organizations had been negatively impacted following their cybersecurity efforts, and more than a quarter (26%) said their company had experienced an increase in the number of successful cyberattacks. claim.
R.Read more about cyber hygiene here: Small business interest in cyber hygiene is fading
Delinea’s Chief Security Scientist and Advisory CISO, Joseph Carson, said:
“Ensuring common agreement across business functions is essential and there is real value in metrics that not only measure security activities but also show impact on business outcomes.”
At the same time, Delinea also emphasized that the majority of security teams (62%) meet regularly with their top-level business counterparts. Still, nearly one-third of them (31%) considered presenting his business case to the board or executives a gap in his own skill set. rice field. As a result, 30% of his survey participants identified communication skills as an area for improvement.
“Communication is key and strong technical skills are still important, but more often than ever, security leaders need the ability to communicate, influence and demonstrate the value that adds to business outcomes. added Carson. “A security leader who demonstrates such a combination of skills and sees the same end goal as the business is a force to be reckoned with.”
But more generally, while cybersecurity can be a big business enabler, the research shows there is still work to be done at the board level to change mindsets. Carson thinks.
“Executive leaders need to think of cybersecurity not just in terms of ticking compliance boxes and protecting their companies, but in terms of the value they can deliver on a more strategic level.”
More information on how businesses can move beyond a passive approach to cybersecurity is available in this analysis by Rick Hemsley, UK&I Government and Public Sector Cybersecurity Lead at EY.
