Business leadership ‘overlook’ role of cybersecurity in business success: report

Thursday, 11 May 2023 13:04

Business leadership ‘overlook’ role of cybersecurity in business success: report Featured

By Gordon Peters

Many IT security decision-makers think the leadership of businesses overlook the role of cybersecurity in business success, according to a new global survey of security professionals which also revealed a disconnect between security and business goals.

When asked about the board and C-Suite's understanding of cybersecurity across their organisation, only 39% of 2,000 IT decision-makers think their company’s leadership has a sound understanding of cybersecurity’s role as a business enabler, according to the survey by Privileged Access Management (PAM) solutions provider Delinea.

The survey of IT decision makers in Australia and New Zealand - and in Singapore, Malaysia, India, Taiwan and Hong Kong - found that the disconnect between business and security goals appears to have caused at least one negative consequence to 89% of respondents’ organisations - with more than a quarter (26%) also reporting it resulted in an increased number of successful cyber-attacks at their company.

According to the survey, the impact of “misaligned goals on cybersecurity” was wide-ranging as it contributed to delays in investments (35%), delays in strategic decision making (34%), and unnecessary increases in spending (27%).

There were also consequences for the individuals themselves, with 31% of respondents reporting it impacted the whole security team in terms of stress - and furthermore, global economic uncertainty has worsened the situation with half of those surveyed (48%) stating that aligning cybersecurity and broader business goals is becoming more difficult to achieve as a result.

Delinea says structural processes are key to aligning goals and, encouragingly, the survey revealed that most security teams (62%) meet regularly with their business counterparts at the highest level.

“Additionally, 54% of companies have also embedded security team members within business functions. However, the research showed there is still room to improve, as less than half of organisations (48%) are documenting policies and procedures to facilitate alignment, and a further third of all respondents (33%) reported that alignment is ad hoc and only ‘happens when needed.,’ notes Delinea.

The Delinea report also brought to light that metrics used to measure and demonstrate the value that cybersecurity delivers are still strictly linked to technical or activity-based figures - for example, the number of prevented attacks (31%) was cited as the most important measure of success, followed by meeting compliance objectives (29%) and reducing costs of security incidents (29%).

“Cyber security can be a huge business enabler, but this research reflects that there is still some work to do at the board level in shifting mindsets. Executive leaders need to think of cybersecurity not only in terms of ticking the compliance box or protecting the company, but also in terms of the value it can deliver at a more strategic level,” said Joseph Carson, Chief Security Scientist and Advisory CISO at Delinea.

On “making the business case to the board and gaps in ITSDM skillsets and changing lines of reporting”, the report notes: “Building out business skillsets may provide the path to better alignment, however respondents listed technical skills as the most valuable for cybersecurity leaders to possess.

“These are rated above skills such as communication, collaboration, business acumen, and managing people.

“Nearly a third (31%) believed that making the business case to their Board and C-Suite was a gap in their own skillset while communication skills were recognised as an area for improvement by 30% of respondents.

“Aligning goals also involves reviewing the reporting lines and CEO-level visibility. However, the Delinea survey suggests that there is little appetite for change in reporting structures, as only 27% of ITSDMs believe the CISOs or the most senior cybersecurity leaders should report to the CEO to best align cybersecurity with the overall goals of the business. ”

”Alignment between cybersecurity and business goals is essential for success. This research clearly highlights the negative consequences when teams’ objectives aren’t fully in sync. Ensuring common agreement across business functions is vital and there is a real value in metrics that not only measure security activity, but which also demonstrate the impact on business outcomes,” Joseph Carson added.

“Communication is key, and while strong technical skills are still important, security leaders need the ability to communicate, influence and present the value they add to business outcomes more frequently than ever. Security leaders that demonstrate this mix of skills, and that have the same end goal in sight as the business, are a force to be reckoned with.”

To download a complimentary copy of the full Delinea report click here

Read 200 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here
BACK TO LATEST NEWS here

GARTNER MARKET GUIDE FOR NDR 2022

You probably know that we are big believers in Network Detection and Response (NDR).

Did you realise that Gartner also recommends that security teams prioritise NDR solutions to enhance their detection and response?

Picking the right NDR for your team and process can sometimes be the biggest challenge.

If you want to try out a Network Detection and Response tool, why not start with the best?

Vectra Network Detection and Response is the industry's most advanced AI-driven attack defence for identifying and stopping malicious tactics in your network without noise or the need for decryption.

Download the 2022 Gartner Market Guide for Network Detection and Response (NDR) for recommendations on how Network Detection and Response solutions can expand deeper into existing on-premises networks, and new cloud environments.

DOWNLOAD NOW!

PROMOTE YOUR WEBINAR ON ITWIRE

It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.

MORE INFO HERE!