A Hanover Research survey of 131 information security professionals revealed key differences between the way executive and non-executive IT professionals communicate with senior leadership.
Key survey findings include:
- Only 38% of non-executive respondents use business-oriented language when communicating with senior executives
- 48% of non-executive respondents believe it is somewhat or very difficult to discuss information security with senior management
- 78% of executive respondents and 85% of non-executive respondents ranked risk management as the highest among key issues they need to communicate with executive leadership about.
“Information security risk is getting a lot of attention due to high-profile incidents and increasing pressure from the SEC, but the good news is this means critical security and risk conversations are occurring at very senior levels in the organization,” said Dwayne Melancon, chief technology officer for Tripwire.
The bad news is most IT security professionals haven’t developed the necessary skills to communicate effectively with non-technical executives.
Melancon continued: “IT security professionals tend to focus on granular, technical information, but senior leadership wants to focus on how security can protect business goals like revenue growth, profit, competitive agility and customer satisfaction. This ability to communicate the value of information security in terms easily understood by the rest of the business is a critical skill for career success in IT security. Connecting security to the business is destined to become the new normal.”