Cybersecurity and Business Priorities Don’t Appear to Be Aligning – and That’s Bad for Your Security Stance

Cybersecurity and Business Priorities Are Not AligningDespite organizational leadership believing cyber security initiatives can support business goals, the way businesses approach cybersecurity seems to prove otherwise.

It’s critical that your organization’s C-Suite to have confidence in their cybersecurity leadership and their choices of initiatives, while also architecting a org structure that ensures the right people at the top are in crystal clear communication with those orchestrating the implementation and management of your cybersecurity. According to new data from LogRythm in their latest research, Security and the C-Suite: Making Security Priorities Business Priorities, you may find that many organizations are simply talking the talk, but not walking the walk.

According to the report:

  • The org structure is completely wrong – 60% of organizations believe the cybersecurity leader should report directly to the CEO because it would create greater awareness of security issues throughout the organization. And yet, on average, the cybersecurity leader is three levels away from reporting to the CEO, with only 7% of cybersecurity leaders actually reporting directly to the CEO.
  • Budget isn’t being allocated properly – Only 23% of cybersecurity leaders have complete ownership over their budget, so they rely on senior leadership to assist with allocating needed budget. 63% of orgs say the budget is insufficient to invest in the right technologies, and yet 64% of cybersecurity leaders report to the board on the effectiveness and efficiency of security programs and measures. So the board knows, but isn’t allocating enough.
  • The board has a false confidence (and no real understanding) – Nearly half (46%) of all senior leadership have confidence that the cybersecurity leader understands the business goals, and yet, 54% of security leaders only report to the board either once annually or only when a security incident occurs.

With "changes in threats, attacks, and vulnerabilities" being the largest factor (62% of security leaders) influencing an increase in the security budget, taking advantage of continual Security Awareness Training – which keeps users up to date on the latest tactics, scams, and campaigns, so they can avoid becoming the entrypoint for a cyberattack – just makes sense.

Request A Demo: Security Awareness Training

products-KB4SAT6-2-1New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4's security awareness training and simulated phishing platform and see how easy it can be!

Save My Spot!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe To Our Blog

Ransomware Hostage Rescue Manual

Get the latest about social engineering

Subscribe to CyberheistNews