Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Management & Strategy

IT Leaders and Staffers Have Disconnect on Security Objectives: Survey

Disconnects don’t work for bridges, and they don’t work for IT security either. However they exist in enterprises nonetheless.

Disconnects don’t work for bridges, and they don’t work for IT security either. However they exist in enterprises nonetheless.

According to a new study from the Ponemon Institute, IT security and IT leaders and their staff do not see eye to eye on security objectives. In a survey of 1,825 IT professionals commissioned by Dell SecureWorks, more than 50 percent of the respondents said their organization’s board of directors and C-level executives are frequently not briefed or given the necessary information to make informed budgeting decisions regarding security priorities and investments.

“Organizations cannot expect to successfully combat today’s increasing cyber threats If important stakeholders, such as the C-level executives and board members, are not adequately informed about their organization’s security strategy, challenges and goals,” said Kevin Hanes, executive director of security and risk consulting for Dell SecureWorks, in a statement.

The survey also found that 58 percent of the study’s respondents either did not think or were unsure if their organization had the necessary resources to achieve compliance with security standards and laws.

“What is especially worrying about this response is that not only does non-compliance put organizations at risk for legal action and fines, but even organizations which have achieved compliance, can many times still be compromised,” Hanes added.

Seventy-two percent of security and IT leaders believe it is most important to find ways to improve the organization’s security posture, while 83 percent of staff cited the minimization of downtime as the primary security objective.

When asked about the most serious security threats, security and IT leaders called third-party mistakes – such as missteps by cloud providers – a bigger threat (49 percent) than negligent insiders (37 percent). Meanwhile, IT staff members classified unsecure Web applications and negligent insiders as more serious threats.

“The differing security views and priorities between the security and IT leaders and their staff members signals a serious misalignment between the two groups,” said Hanes. “Every member of an organization’s…IT department, whether a leader or a staff employee, should be working toward the same security goals. If the company wants to establish a strong security position, this misalignment must be addressed.”

Advertisement. Scroll to continue reading.
Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

Shane Barney has been appointed CISO of password management and PAM solutions provider Keeper Security.

Edge Delta has appointed Joan Pepin as its Chief Information Security Officer.

Vats Srivatsan has been appointed interim CEO of WatchGuard after Prakash Panjwani stepped down.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.