Communications between all business levels is the heart of a successful organization. However, if a recent nine-country survey of cyber security professionals is accurate managers in a large number of organizations are still not getting their messages.
Only 21 per cent of the nearly 700 respondents felt their security teams are highly effective in communicating security risks to C-suite and boards when asked to rank their effectiveness on a scale of one to 10, according to a report from the Ponemon Institute.
The reverse is also true: Only 29 per cent of respondents say their organization’s executives and senior management clearly communicate their business risk management priorities to the IT security leadership.
Those infosec pros who believe they are getting through suggested three reasons why:
–65 per cent said they present technical information in a way that is understandable;
–63 per cent said they keep leaders up-to-date on cybersecurity risks and don’t wait until the organization has had a data breach or security incident;
–and 63 per cent said the information presented to leaders is not ambiguous and is helpful to making decisions.
Respondents were based in Australia, France, Germany, Japan, the Netherlands, New Zealand, Singapore, the United Kingdom, and the United States. Seventy-eight per cent of responding companies had more than 1,000 employees. Seventy-one percent of respondents had the role of CIO/head of IT, CISO/head of security or head of risk management.
Among other numbers in the survey, 53 per cent of respondents said their organization scans for vulnerabilities quarterly or on an ad hoc basis. Nineteen per cent said they scan weekly, 16 per cent said they scan monthly and 12 per cent said they scan daily. That means t only 31 per cent of respondents are scanning more than once a month,
The survey was sponsored by Balbix, which makes vulnerability management tools. The full report can be downloaded here. Registration is required.