Over 90% of IT teams, trading security for business operations

September 9, 2021

EXECUTIVE SUMMARY:

The coronavirus pandemic massively accelerated digital transformations, and cloud computing infrastructure is part of the new normal. Failing to secure this infrastructure could undercut an enterprise. However, IT decision-makers report that security has been taking a back seat.

A new survey indicates that 91% of IT decision-makers feel “pressured” to prioritize business continuity and productivity over security. Organizational economics may represent a driving factor in security slumps. Outdated, slow or difficult-to-use security tools may also represent key culprits.

New security perspectives

Of the survey respondents, 76% indicated that security had been deprioritized amidst the coronavirus pandemic. Further, 83% perceive remote work as a prime potential catalyst for corporate security incidents.

In recent months, the fight for cyber security budget and prioritization has led to low morale among IT teams.

Cyber security controls

Respondents indicated that younger workers tend to circumvent cyber security controls in order to optimize project speed and delivery times. Of this group, 48% note that security tools tend to slow down work. More than 30% have attempted to evade security altogether.

A majority of 18-24 year-old employees expressed greater concern around meeting project deadlines than in making sure that their organization remained secure. This may be a function of inadequate security education and awareness levels. Much of this group remained unaware of their employer’s security policies.

Additional key survey findings

37% of office-based employees perceive security policies as overly restrictive
80% of IT teams have observed dissatisfaction among remote employees when it comes to security
83% of IT teams stated that mixed-use devices and the fuzzy boundaries between work life and home life rendered enforcement “impossible”

Strengthening the CISO/CFO relationship

The importance of a tight alliance between a CISO and a CFO cannot be overstated. As one CFO says, “Good cybersecurity is expensive, and bad cybersecurity is, well… even more expensive,” expertly pinpointing the need for unobstructed channels of communication between what are sometimes seemingly opposed sectors of a company. Here are a handful of tips and tricks to strengthen the CFO-CISO alliance in your company:

A point of contention is often ‘how much cyber security to invest in,’ with a CISO advocating for a force field between the company and the hackers, and the CFO weighing the probabilities of certain types of attacks, and proposing a more modest plan. CISOs can advance their points of view by outlining the specifics of the threat ‘who, what, where, when and why’, clearly articulating the value of investments. With a broader picture of the risks, CFOs will also be able to better understand the ROI.
Actively avoid the “ROI Death Spiral”, a situation where CFOs demand exacting proof of ROI prior to rubber stamping their CISO’s budget. Yes, world-class cyber security is a financial necessity.
As Krebs on Security notes, “…considering how much marketing (think consumer/customer data) and human resources (think employee personal/financial data) are impacted by your average data breach, it’s somewhat remarkable that more companies don’t list their chief security personnel among their top ranks.” Insure that your CISO receives the recognition and voice that he/she deserves. After all, you’ve already expressed how important they are vis-a-vis their compensation package. Equal footing will lead to a stronger partnership, and better overall security.

The CISO reality

At present CISOs are seeing an increasing volume of cyber threats and more sophisticated threats than ever before. Teams work 24/7 to keep businesses running. In this process, security professionals are also working to minimize security gaps created as organizations transitioned to remote work last year.

CISOs assert that security continues to remain a team sport. Everyone needs to engage around security; from the C-suite to rank-and-file employees.

For insights into how to prevent a cyber pandemic, click here. For more information about increasing cyber security awareness, click here. Lastly, to sign up for the Cyber Talk newsletter, click here.