Dive Brief:
- A disconnect is brewing between how C-suite executives and cybersecurity workers perceive security's role, according to a Cloud Security Alliance report released Thursday. The study, sponsored by detection and response firm Expel, surveyed 1,000 IT and security professionals in May.
- While half of C-level executives surveyed said security is "prioritized and strictly enforced" during cloud implementations, just 31% of security workers agreed with the statement, signaling a rift between the importance placed on cloud security across enterprises.
- The data also shows a perception difference on when security enters the development process. Two in five C-suite leaders said security is a priority that is enforced during product development and continuously refined, compared to just over 1 in 4 security workers.
Dive Insight:
Enterprise cybersecurity defenses can help protect businesses from financial and reputational damage. American companies that suffered a data breach paid an average of $9.4 million last year, according to IBM data.
Yet views on cybersecurity vary across the organizational chart. Half of the C-suite leaders surveyed said a strong security posture can increase a company's competitive advantage, while over 1 in 3 rank-and-file security professionals agree.
CSA's analysis suggests executives might be too confident about their company's cyber preparedness.
"C-suite executives, looking at the bigger picture, might be more optimistic, reflecting their organization’s aspirations, whereas security staff working in their specific domains may have a more practical view based on day-to-day operations," the report said.
Amid rising cyber risk, leaders have tried different strategies to boost internal security readiness, including training programs to close existing skills gaps and increased reliance on vendors' security tools.
Despite enterprise efforts and increased interest from government agencies, the majority of security leaders expect a cybersecurity incident will disrupt their business in the next year or two, Cisco data suggests. Just 15% feel prepared to combat the risk.
To enhance the cybersecurity posture of an organization, communication is key, according to CSA.
"The C-suite must establish effective communication strategies, reporting back to security staff about the impact of their work and eliciting their buy-in to the organizational vision," the CSA report found. "Similarly, it is equally important to create channels for security staff to share their realities and challenges with the leadership."