Joseph Carson, chief security scientist and advisory chief information security officer (CISO) at Delinea, said its poll of 2000 cybersecurity ‘decision-makers’ in companies with more than 500 employees suggested “some work to do” in promoting cybersecurity’s value among managers.
“Cybersecurity can be a huge business enabler,” Carson said.
“Executive leaders need to think of cybersecurity not only in terms of ticking the compliance box or protecting the company, but also in terms of the value it can deliver at a more strategic level.”
According to Delinea, 61% of IT security decision makers who responded feel that business leaders don’t fully understand the link between cybersecurity and business outcomes.
The report based on the survey argued that this disconnect came with “negative consequences” for 89% of respondents, as well as an increased likelihood of a successful cyberattack.
Some 17% said that cybersecurity was simply not seen as “a business priority”, according to Delinea, with 31% saying the situation caused extra stress for “the whole security team”.
Yet at the same time, 62% of cybersecurity decision-makers in the survey said that security teams met their business counterparts “at the highest level” regularly, while 54% confirmed that security team members had been embedded within “business functions”.
The vendor added, however, that it felt there was still room to improve.
Only 48% in the survey said they were documenting policies and procedures to facilitate alignment and 33% said they only aligned with business functions on an ad hoc basis – when business leaders deemed it necessary.
Metrics on cybersecurity were primarily linked to statistics such as attack prevention or compliance objectives and cost reduction, Delinea confirmed.
“Ensuring common agreement across business functions is vital and there is a real value in metrics that not only measure security activity but demonstrate the impact on business outcomes,” Carson said in the announcement.
“While strong technical skills are still important, security leaders need the ability to communicate, influence and present the value they add to business outcomes.”
Delinea believed that building out business skillsets may “provide the path to better alignment”.
Yet, in the survey, only 27% of respondents indicated a belief that CISOs or the most senior cybersecurity leaders should report to the CEO to best align cybersecurity with the overall goals of the business.
Delinea PAM offerings include Secret Server and Server Suite for secure, consolidated identity access and authentication, including for users of Active Directory (AD), multi-factor authentication (MFA), Red Hat Enterprise Linux (RHEL), and IBM AIX Unix systems.