Understanding the communication challenges between executives and IT security teams

Source – Kaspersky

Miscommunication between executives and IT security teams can lead to cybersecurity incidents

  • 62% of top-tier managers admit that poor communication with the IT department or IT security team has led to at least one cybersecurity incident in their organizations.
  • 22% of business respondents often don’t understand the terms, technology, and arguments used by IT teams.

Cyberattacks are a major concern for organizations of all sizes and industries and can have severe consequences for the organization and its customers. However, it is not uncommon for cyberattacks to occur because of poor communication between executives and the IT security team rather than because of external cyber threats.

According to Kaspersky, 62% of top-tier managers admit that poor communication with the IT department or IT security team has led to at least one cybersecurity incident in their organizations. Most non-IT executives cited a lack of cooperation between teams (34%) and questioned the skills and abilities of IT security employees when communication was unclear (33%).

A Forrester analytics study found that companies spend an average of 37 days and US$2.4 million to detect and recover from a cybersecurity breach. The survey by Kaspersky of more than 1,300 business leaders shows that 98% of non-IT respondents experienced miscommunications regarding IT security, often resulting in serious project delays (67%) and cybersecurity incidents (62%).

Miscommunications also led to wasted budgets, loss of valuable employees, and deteriorating relationships between teams, which were reported by 61% of respondents. In addition, unclear communication affects the team’s emotional state, causes executives to lose confidence in the safety of the business, and impacts their work performance.

How serious is the IT security language barrier?

Technical jargon and specialized language can create a barrier to effective communication between IT security teams and non-IT executives within an organization. This miscommunication could lead to catastrophic issues such as cyberattacks and data breaches.

One common challenge is that executives may not fully understand the technical details of cybersecurity measures, making it difficult for them to make informed decisions and support security initiatives. On the other hand, IT security teams may struggle to communicate the importance and relevance of security measures to the broader business objectives of the organization.

According to a recent survey, 42% of C-level and business leaders want IT security professionals to inform them more clearly about cybersecurity issues. In comparison, 76% of cybersecurity respondents do not see the issue, claiming they have not faced problems in work-related communications.

The survey also found that 42% of business executives think IT security employees could be clearer when passing on information about the risks and consequences to their business in case of a cybersecurity incident. Business leaders believe soft skills are the issue, with 40% saying security employees should develop their communication and presentation skills, project management, and team leadership.


Survey question (chart): “Which of the following statements, if any, is relevant to you when the communication with your IT-security employees isn’t clear/you don’t understand?”

Additionally, 22% of business respondents often don’t understand the terms, technology, and arguments used by IT colleagues when discussing IT-security-related topics, and 17% sometimes don’t understand the importance of cybersecurity discussions with IT managers.

This communication gap is evident in that only 51% of non-IT executives can confirm that they are fully informed about the cybersecurity readiness of their organization. In comparison, only 10% of security executives acknowledge difficulties explaining any aspect of their work to colleagues and top management. Although 77% of security professionals state they have no difficulties communicating their work, the disconnect between the two groups persists because they do not recognize the issue: 76% of IT staff are under the impression that their explanations and arguments are well understood by non-IT management and colleagues.

According to Alexey Vovk, Head of Information Security at Kaspersky, effective communication between a company’s executives and IT security management is crucial for the overall security of the organization.

“The challenge here is to put oneself in the others’ position, to anticipate and prevent serious misunderstandings. This means that, on the one hand, CISO should know basic business language to better explain the existing risks and need for safety measures. On the other hand, business should also understand that information security in the 21st century is an integral part of business and budgeting for it is an investment in protecting company assets,” he continued.