This is the third podcast in a 3-part series exploring cyber security issues, brand reputation, customer data, and productivity. Listen to the first podcast on the cyber-chasm between the C-suite and IT leadership here, and the second podcast on protecting brand reputation here.
When it comes to cyber security, there’s a significant disconnect between a company’s leadership and its security professionals. That’s one of the conclusions from a 2016 study conducted by the Economist Intelligence Unit (EIU) and sponsored by VMware. Interviews with more than 1,100 senior executives from around the world, and across all industries, uncovered substantial differences between C-suite executives and security executives regarding the scale, urgency, and prioritization of cyber security.
The study found cyber security was the leading concern of security executives, with nearly half citing it as their top problem, but also found C-suite executives ranked it much lower, with only one in 20 naming it as their most pressing issue.
Cyber Security Impacts Business Efficiency, Collaboration, and Innovation
“There are three areas that are important to every C-suite: efficiency, collaboration and innovation,” says West Coghlan, senior editor for technology at EIU. “On all of them, by a factor of almost two-to-one, the board sees security as, frankly, hindering those, slowing them down, and acting as friction on each of those areas.”
This isn’t simply a difference of opinion. Cyber attacks can cause material damage to a firm. A single successful attack, such as a breach of customer credit card data, can irreparably harm a carefully constructed company brand. When a company’s leadership doesn’t prioritize security, employees will often follow their example by ignoring security precautions and policies, which can create additional vulnerabilities for cyber attacks.
Coghlan argues security professionals should do three things to close this perception gap and strike a balance between security and productivity.
- Make a bigger, broader, and harder case to senior management that cyber security is not an IT issue but an enterprise-wide issue.
- Create a culture of security built on strong policies and compliance.
- Prioritize the firm’s cyber security because you can’t protect everything.
“There’s a consensus in the security community that you can’t defend everything now, so you have to gear your defenses to what’s important,” says Coghlan. Cyber security has to work well with the business or it won’t work at all.