The Language of Risk: Bridging the Disconnect between the C-Suite and Cyber Security Experts
With data breaches regularly marking the headlines, it is no surprise that digital threats constitute an increasingly significant concern for the C-Suite and cyber security experts.
What is surprising, however, is that these two groups don’t seem to share the same view of information security. They have different opinions when it comes to the digital threat landscape in general as well as their organization’s level of preparedness in particular.
This disconnect has become apparent across numerous studies. Let’s examine a few below:
In February 2017, BAE Systems found that just over a third (35 percent) of C-Suite executives believed their IT teams were ultimately responsible for addressing a data breach, whereas half of IT decision makers thought this responsibility resided with senior management and leaders.
These employees also differed in their estimations surrounding the cost of a successful digital attack, with IT decision makers’ guess ($19.2 million) almost twice as much as that of the C-Suite ($11.6 million). Additionally, while 82 percent of IT teams felt that cyber security spending was part of a comprehensive strategy, only half of the C-Suite believed this to be the case.
More than a year after BAE Systems’ research came out, Varonis discovered that this disconnect dividing the C-Suite and cyber security executives was alive and well.
Its 2018 research specifically uncovered a divergence in what the two groups thought was the most significant business impact of a data breach. The C-Suite thought it was the cost of recovery, while the cyber security experts felt it was a loss of brand image.
Also, while more than 90 percent of IT and security professionals felt their organizations were making progress in security and were using a cyber security approach that aligned with its business interests, only around 70 percent of the C-Suite expressed (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Irfahn Khimji. Read the original post at: https://www.tripwire.com/state-of-security/risk-based-security-for-executives/disconnect-csuite-cyber-security/
