Fixing the communications breakdown between IT security and the board and c-suite

In the months before an unexpected crisis, IT security requests specific tools, training, and additional staff to keep enterprise data safe, but does not substantiate the need in terms the business can understand. The c-suite denies the requests, pointing to the investments they have already made in security technologies. Suddenly, hackers strike with a massive cyber attack.

Suffering financial losses and brand damage, the c-suite asks IT security what happened. Security responds that they need specific tools, training, and staff to mitigate these concerns. But again, security does not make a business case in language the c-suite can appreciate. The leadership turns to existing vendors, who sell them their latest security products.

Armed with products that do not address all the specific vulnerabilities the company has, the c-suite returns to other matters. Months later the enterprise falls prey to similar attacks. A cyber security communications breakdown has kept the enterprise moving through this same cycle for years. The answers to breaking out of that rut lie in fixing those communications.

Finally, IT security experiences an absence of threat intelligence and security operations capabilities that leaves its teams handicapped when fighting the company’s security battles. The spend on expensive security tools such as Next-Gen Firewalls remains high while the investment in relatively inexpensive security staff training is underwhelming.
