Reduce Friction Between IT Leaders and C-suite

In addition, more than 80% of IT managers surveyed felt pressured to downplay the severity of cyber risks to their board in fear of sounding too negative or repetitive. While an understandable concern, IT leaders play a critical role in helping the boardroom clearly understand the cyber risk landscape in order to boost cybersecurity investments and enable the organization to grow.

Disagreements aren’t only between IT leaders and the C-suite, friction between IT and business decision makers runs throughout organizations. Case in point: IT leaders are nearly twice as likely as their counterparts to believe that ultimate responsibility for managing and mitigating risk should be with their own colleagues or the CISO.

This friction is already having a notable impact on organizations. Over half reported that their attitude towards cyber risk varies from month to month. This kind of inconsistency is the exact opposite of what’s needed: a stable, well-planned strategy built on best practices and clear insight into the risk environment.

Speaking the board’s language

Many of the business and IT leaders surveyed believe their board will only sit up and take notice of cybersecurity if they suffer a breach, or if customers demand it. How can you convince the board to be more proactive?  IT and security decision makers need to speak the language of business risk that their board will be able to understand and act on. The cost and potential business impact of a security breach will certainly resonate.

As threats increase, the costs to organizations follows suit. One estimate puts the total cost of a breach at over $4.2 million today, but ransomware compromises, for example, have cost some organizations tens of millions in lost sales, productivity outages, IT overtime, and more. The board should also be made aware that 2021 is on track to be a record year for threats, increasing the probability that they’ll be impacted.

Next, security programs must also be formalized: a top-down, documented strategy highlighted by KPIs and established metrics will enhance the board’s understanding of risk. Building a business case to create a new role for Business Information Security Officers (BISOs) may also help with business-security alignment.

For more insights into the psychology of risk and propelling a culture change to enhance security, read Global study: Business friction is exposing organizations to cyber threats.