C-suite and managers, the disconnect around cyber risk

EXECUTIVE SUMMARY:

Do you ever feel as though you and your boss have totally different visions for and expected outcomes around a project? Don’t worry, your boss’s boss likely feels the same way about your boss — at least when it comes to assessing cyber risk and cyber security threats.

A new industry survey shows how IT personnel at varying levels of seniority tend not to see eye-to-eye when it comes to interpreting risk. Each of these individuals has a very different view of the biggest challenges facing their IT or security departments.

By the numbers

  • 59% of directors and 51% of managers stated that their largest day-to-day challenge consists of the sheer volume of cyber threats that they need to keep pace with.
  • In contrast, 52% of information technology professionals at the SVP level expressed that their most significant challenge is that the C-suite remains uninformed about cyber and IT risks.
  • Adding to the complexity, information technology professionals at the C-suite level described insufficient funding (42%) and leadership turnover (40%) as their biggest challenges.

When it comes to cyber/IT risk in strategic planning, only 37% of managers said that they felt extremely confident about their leadership’s approach. However, 63% of SVPs viewed cyber/IT risk plans favorably, and 56% of the C-suite thought along the same lines.

What does this mean?

The findings described above reveal a deep disconnect between how leaders at varying levels think and feel about cyber/IT risk and its governance.

One expert says that part of the disconnect may stem from the fact that upper-level management may not always recognize that vulnerabilities aren’t necessarily something that you can plan for. In turn, upper-level management may inherently feel better about cyber risk than someone who’s ‘in the weeds’ and has a more nuanced understanding of how threats work.

Another possible reason for the disconnect is that upper-level leaders are trained to solve strategic problems, and are therefore accustomed to thinking about risk through one particular lens. Rank-and-file information technology professionals are trained to monitor alerts (among other things), and thus perceive risk from an entirely different perspective.

What everyone agrees on

This survey also showed that IT/security professionals across leadership levels are concerned about under-staffing throughout the information security and Governance, Risk and Compliance (GRC) departments.

Eighty percent of respondents worried that their information technology leaders were under-resourced, while 79% agreed that turnover represented a significant problem.

More than 80% of directors say that they raised concerns around cyber/IT risk pertaining to specific business initiatives with company leadership. However, just 30% of those at the C-level said that they shared those concerns with other senior corporate leaders, implying that there isn’t always the possibility of resolving issues due to resource constraints.

To that effect, it’s imperative that organizations invest in risk and pursue technologies that will drive efficiencies, enable the business and enhance business growth prospects.


The post C-suite and managers, the disconnect around cyber risk appeared first on CyberTalk.