A Kaspersky study has revealed that every third C-level executive globally (34%) struggles to speak about adopting new security solutions with their IT or IT security colleagues.
For those surveyed in South Africa, this figure is 39%. Globally, however, many feel that increasing the budget for cybersecurity is the toughest topic to discuss with non-IT management.
According to the poll the majority of IT workers say that the main reason their cybersecurity budget was lowered was that top management sees no reason to invest much in this sphere. Kaspersky conducted a special survey to explore if this situation might be a result of unclear communication between IT security staff and executives, and discover whether there is a lack of mutual understanding between these two groups.
For the respondents from South Africa, the survey reveals that 59% of top managers think IT-security employees should better communicate cyber risks to business, while 12% of cybersecurity workers surveyed locally admit they have some difficulties explaining any aspect of their work to non-IT colleagues and executives.
The survey revealed that locally, for C-level executives’ the three toughest subjects to talk about with IT staff are: adopting new security solutions (39%), changes to the cybersecurity policy (38%) and expanding the budget for IT security (29%).
On the subject of finding common ground, the majority of respondents globally agree that the most efficient ways to facilitate discussions about IT-security issues are to choose real life examples and to use reports and numbers.
Besides these topics, local C-level executives also said that real-life examples (58%) would allow them to best understand their IT-security staff, along with references to their previous experience (49%), references to authoritative opinions (43%) and reports and numbers (39%).
“It can be assumed that non-IT executives struggle to discuss the adoption of new cybersecurity solutions because of the abundance of complex technical terms and concepts often used by IT security staff. The latter, however, don’t like to speak about increasing budgets since C level executives expect them to use business metrics to justify their needs,” says Ivan Vassunov, vice-president: corporate products at Kaspersky.
“Today, in a difficult economic environment and complicated threat landscape mutual understanding between business and IT security people is more important for business continuity than ever before. To avoid additional cybersecurity risks it is crucial that both teams know how to speak a common language based on numbers, reliable references and understandable arguments.”