sponsored

We’re All on the InfoSec Team

To Defend Against Threats, Make Communication a Priority

A 2015 study showed “a disturbing rift in cyber security knowledge between those who make decisions and manage the budgets and those who have to implement and manage the security measures.”[1] What are the consequences of that gap, and what can you do about it?

To best defend against security threats, enterprises need to reconsider corporate communication at all levels. With the accepted reality that most companies will experience a breach, corporate security is no longer only an IT concern, but a business concern. The gap in communication between executives and the security team can result in costly losses and damage to data and enterprise reputation.

According to a 2015 Ponemon study, boards of directors are not as informed and knowledgeable about cyber security risks as they should be in order to fulfill their governance responsibilities. Across a wide range of industry sectors, IT professionals reported a lack of confidence in the effectiveness of their board’s cyber security practices.

The lack of communication works both ways, though. While IT professionals question the governance of security policies and procedures, they tend to focus on incident response to minimize the impact on the business without communicating their primary concerns to the board. As a result, the board's security concerns differ from those of the IT professionals.

The consequences of this gap in communication are vast and not only financial. Breaches result in a loss of confidential data and sensitive records. There are also financial impacts as well as loss of confidence in the brand. The average cost of a breach has risen to $7 million, but there are also legal ramifications for not being in compliance with laws and regulations.

Reconfiguring the executive team and making security and technology a top priority and agenda item will shift the focus and open lines of communication. Staying informed and knowledgeable about the security of the enterprise will also build valuable trust between the board and IT professionals.
