What many people fail to realize is that there’s often a disconnect between business and cybersecurity leaders.
Instead of working together to prevent cyberattacks from happening, these two groups typically work independently of one another. Organizations are finding out now that to operate efficiently and effectively in today’s malware-ridden world, business and cybersecurity leaders must work hand in glove by aligning their initiatives.
The ever-evolving threat landscape is becoming more complex, and as a result, businesses are unable to adequately protect themselves from cybercriminals deploying more advanced and sophisticated attacks. According to a global industry study, titled “The Rise of the Business-Aligned Security Executive,” published by cybersecurity company Tenable, ninety-four percent of organizations have experienced a business-impacting cyberattack in the past 12 months. While there are many reasons why malicious actors are winning (including the cybersecurity skills gap and shrinking IT budgets), most security and business leaders aren’t currently aligned in measuring and managing cybersecurity as a strategic business risk.
According to the same report, fewer than 50 percent of security leaders are framing cybersecurity threats within the context of a specific business risk. For instance, though 96 percent of surveyed respondents had developed response strategies to the COVID-19 pandemic, 75 percent of business and security leaders admitted their response strategies were only “somewhat” aligned. While this may not seem like a big deal to small business owners, it is — just take a look at the data.
When businesses align security and business strategy, the results are significantly better. For example, compared to their siloed peers, business-aligned security leaders are eight times more likely to be highly confident in their ability to report on their organizations’ security or risk level, according to Tenable’s study.
Additionally, businesses with business-aligned cybersecurity leaders are three times more likely to ensure that cybersecurity objectives coordinate with business priorities. They also have a holistic understanding of their organization’s entire attack surface (the number of possible ways an attacker can get into a network).
Bringing together business and cybersecurity strategies is necessary to protect your business from cybercriminals in today’s ever-evolving threat landscape. Your chief information security officer (CISO) should be involved in any conversation about developing and executing business strategies.
If you’re not aligning business and security, your business is at risk.