More than half of top-tier managers surveyed in South Africa (60%) admit that a miscommunication with the IT department or IT security team has resulted in at least one cybersecurity incident within their organisations.
In terms of personal attitudes, the majority of non-IT executives cited a diminished sense of co-operation between different teams (39%) and said its situation makes them question their colleagues’ skills and abilities when communication with their IT-security employees was unclear (40%).
The recent Forrester analytics survey says that companies spend an average of 37 days and of $2,4-million to detect and recover from a cybersecurity breach. To determine how much mutual understanding between executives and information security teams affects a company’s cyber resilience, Kaspersky conducted a global survey of more than 1 300 business leaders.
According to the results of the study, 100% of non-IT respondents surveyed in South Africa experienced miscommunications regarding IT security.
With regards to consequences, most often a breakdown in communications leads to serious projects delays (65%) and cybersecurity incidents (60%). Almost one-third of respondents (27%) even said that they had even encountered these issues more than once. Among other negative effects are a wasted budget (58%), the loss of a valued employee (62%) and deteriorating relationships between teams (56%).
In addition to worsening business indicators, unclear communication with IT-security employees also affects the emotional state of the team and makes executives question IT-security employees’ skills and abilities. Also, 31% of local executives admit that misunderstandings make them lose confidence in the business’ safety and 34% of them find this situation makes them nervous, which affects their work performance.
“Clear communication between a company’s executives and IT security management is a prerequisite for corporate business security,” comments Alexey Vovk, head of information security at Kaspersky. “The challenge here is to put oneself in the others’ position, to anticipate and prevent serious misunderstandings.
“This means that, on the one hand, CISO should know basic business language to better explain the existing risks and need for safety measures. On the other hand, business should also understand that information security in the 21st century is an integral part of business and budgeting for it is an investment in protecting company assets.”