Disparity between executives and those responsible for security
The extreme difference between the two groups may be detrimental to developing sound cybersecurity strategies and acquiring and implementing better solutions to safeguard a company and protect its assets.
In a May survey of executives, IT, security, audit and finance professionals conducted by Americas' SAP Users' Group (ASUG), only 25 percent of executives, including C-level employees such as CIOs and CTOs, stated that they were very or extremely concerned about security.
In contrast, 80 percent of IT and security respondents reported their concern level in the very and extremely concerned range.
Survey insights included in the report state that many companies may overestimate their security. This could be true especially among executives if they don't have a full understanding of the scope and number of risks and how they can impact the potential for a breach.
Paterson further surmised that while they may ultimately get the blame for a cyberattack, executives may also be more focused on strategic initiatives that drive the bottom line, whereas, according to the survey summary, "dedicated security professionals understand the nuances of security and see it as a significant challenge. They likely have a more accurate assessment of their environment."
One problem that could occur due to this disconnect is that executive-level employees, who generally control budgets and are top decision makers, may not comprehend the actual degree of risk and may be more hesitant to invest in better strategies or tools to prevent threats, putting their businesses at even more risk.
According to the survey, a full 33 percent of respondents don't have a defined cybersecurity strategy, which supports the more intense concern among IT and security respondents. And there appears to be a link between having a strategy and automation.
Those with strategies were more likely to use automated solutions to manage access and security for their systems, which as the survey concluded, does help reduce governance, risk and compliance challenges. ■