IT security and IT leaders and their staff members do not agree on security objectives, according to findings from a new global Ponemon study.
One of the key findings from the study was that more than 50 percent of the respondents surveyed stated that their organization’s board of directors and C-Level executives are frequently not briefed, nor are they given the necessary information to make informed budgeting decisions regarding security priorities and the investments in technology and personnel required.
“It’s remarkable that despite widespread attention many senior executives are not yet fully briefed on security priorities. This may be explained by the fact that so few are actually held accountable. While this perception exists, organizations will continue to experience incidents and the loss of trust from impacted customers,” said Raj Samani, VP and CTO EMEA at Intel Security.
Another alarming finding was that 58 percent of the study’s respondents said they did not think or were unsure if their organization possessed sufficient resources to achieve compliance with security standards and laws.
An additional finding of note is that the security views and priorities held by the Security and IT leaders were in stark contrast to their staff members’ views and priorities. Here are some of the responses:
- Security and IT leaders believe it is most important to pursue improvement in the organization’s security posture (72 percent of respondents), while security and IT staff members see the minimization of downtime as the primary security objective (83 percent of staff respondents).
- Security and IT leaders view third-party mistakes, including those made by cloud providers, as a more serious cyber threat (49 percent of leader respondents) than negligent insiders (37 percent of leader respondents), while security and IT staff members consider insecure Web applications and negligent insiders as more serious threats (57 and 56 percent of staff respondents, respectively).
“The differing security views and priorities between the Security and IT leaders and their staff members signals a serious misalignment between the two groups,” said Kevin Hanes, executive director of Security and Risk Consulting for Dell SecureWorks. “Every member of an organization’s Security IT department, whether a leader or a staff employee, should be working toward the same security goals. If the company wants to establish a strong security position, this misalignment must be addressed.”