SecurityWeek

IT Leaders and Staffers Have Disconnect on Security Objectives: Survey

Disconnects don’t work for bridges, and they don’t work for IT security either. However, they exist in enterprises nonetheless.

According to a new study from the Ponemon Institute, IT security and IT leaders and their staff do not see eye to eye on security objectives. In a survey of 1,825 IT professionals commissioned by Dell SecureWorks, more than 50 percent of the respondents said their organization’s board of directors and C-level executives are frequently not briefed or given the necessary information to make informed budgeting decisions regarding security priorities and investments.

“Organizations cannot expect to successfully combat today’s increasing cyber threats if important stakeholders, such as the C-level executives and board members, are not adequately informed about their organization’s security strategy, challenges and goals,” said Kevin Hanes, executive director of security and risk consulting for Dell SecureWorks, in a statement.

The survey also found that 58 percent of the study’s respondents either did not think or were unsure if their organization had the necessary resources to achieve compliance with security standards and laws.

“What is especially worrying about this response is that not only does non-compliance put organizations at risk for legal action and fines, but even organizations which have achieved compliance can many times still be compromised,” Hanes added.

Seventy-two percent of security and IT leaders believe it is most important to find ways to improve the organization’s security posture, while 83 percent of staff cited the minimization of downtime as the primary security objective.

When asked about the most serious security threats, security and IT leaders called third-party mistakes – such as missteps by cloud providers – a bigger threat (49 percent) than negligent insiders (37 percent). Meanwhile, IT staff members classified unsecure Web applications and negligent insiders as more serious threats.

“The differing security views and priorities between the security and IT leaders and their staff members signals a serious misalignment between the two groups,” said Hanes. “Every member of an organization’s…IT department, whether a leader or a staff employee, should be working toward the same security goals. If the company wants to establish a strong security position, this misalignment must be addressed.”
