The need for a cybersecurity strategy is apparent and the risks are real – for both external and internal threats. Internal breaches have escalated and now make up 75% of cyberattacks. Stemming from the hands of employees, people talk about insider risk less despite the rising numbers, and prevention strategies may tend to focus more on the wrongly perceived bigger dangers of malicious external hackers.
According to a May 2018 survey, a large number of companies fail to implement a defined security strategy, and many CEO’s fail to take preventative action. For all the hype about cybercrime, that’s a large number of unprotected businesses that are approaching their security without a well-developed plan. Even with a carefully developed strategy, there’s one element of the plan that is often missed.
Lack of strategy continuity within a business
If a strategy is left up to the frontline IT and security teams who may have the most knowledge about risks due to their day-to-day tasks, key decision makers who may carry the most weight in enforcing strategy from the top down may not have a say. Additionally, there’s the chance that if your company leaves out executives, they may not realise the full extent of risks or understand the need for better solutions to avert them.
The survey also found that there was a marked disparity in the level of concern about security between executives and IT/security professionals. Security concerns among executives was rated 55% lower than IT employees who have more direct involvement in managing systems and security.
There may be multiple reasons for the divide, including the executive level’s focus on bottom-line initiatives, a lack of easy visibility into risks and disengagement with system security oversight.
Clear communication is required
To bridge the gap, executives need direct involvement in strategy design. More importantly, communication is a vital component – not only to create strategy but also to ensure the knowledge of risks makes its way to the top and eliminates any disconnect.