According to findings from a new global Ponemon study: “2015 Global IT Security Spending and Investments”, IT security and IT leaders and their staff members do not agree on security objectives.
The study, commissioned by information security product company Dell SecureWorks, surveyed 1825 IT security and IT leaders and their staff. The participants were based in 42 countries in North America, Europe, Middle East, Africa, Asia Pacific, Japan and Latin America. The study’s objective was to determine the key influencers that are driving security budgets and technology purchases.
One findings was that more than half of the respondents surveyed stated that their organisation’s board of directors and C-Level executives are frequently not briefed, nor are they given the necessary information to make informed budgeting decisions regarding security priorities and the investments in technology and personnel required.
Kevin Hanes, executive director of Security and Risk Consulting for Dell SecureWorks, said: “Organisations cannot expect to successfully combat today’s increasing cyber threats If important stakeholders, such as the C-level executives and board members, are not adequately informed about their organisation’s security strategy, challenges and goals.”
A good half, 58 percent of the study’s respondents said they did not think or were unsure if their organisation possessed sufficient resources to achieve compliance with security standards and laws.
Hanes said: “What is especially worrying about this response is that not only does non-compliance put organisations at risk for legal action and fines, but even organisations which have achieved compliance, can many times still be compromised. This is why Dell SecureWorks always advises its clients to build and maintain a robust, layered security program, so as to ensure a strong security stance and meet its compliance requirements.”
The security views and priorities held by the security and IT leaders were in contrast to their staff members’ views and priorities. Here are some of the responses:
· Security and IT leaders believe it is most important to pursue improvement in the organisation’s security posture (72 percent of respondents), while security and IT staff members see the minimisation of downtime as the primary security objective (83 percent of staff respondents).
· Security and IT leaders view third-party mistakes, including those made by cloud providers, as a more serious cyber threat (49 percent of leader respondents) than negligent insiders (37 percent of leader respondents), while security and IT staff members consider insecure Web applications and negligent insiders as more serious threats (57 and 56 percent of staff respondents, respectively).
Hanes said: “The differing security views and priorities between the security and IT leaders and their staff members signals a serious misalignment between the two groups. Every member of an organisation’s security IT department, whether a leader or a staff employee, should be working toward the same security goals. If the company wants to establish a strong security position, this misalignment must be addressed.”
And Dr Larry Ponemon, Chairman and Founder of the Ponemon Institute, said: “I hope IT Security and IT leaders and their staff, as well as C-level executives and board of directors, read this report and reevaluate their security programs to ensure that there is a thorough understanding and consensus among them as to their organisation’s security challenges and objectives.”
To download the report: “2015 Global Study on IT Security Spending and Investments,” click here: http://www.secureworks.com/resources/articles/featured_articles/report-global-it-security-spending-investments
