Security Leaders Struggle to Communicate Risks and Needs

Security Leaders Struggle to Communicate Risks and Needs

By Laura Stotler

Security should top the list of priorities for business leaders, yet security leaders struggle to communicate their risks and needs to upper management. They also lack the tools required to automate some of their work.

New research from Blue Lava and AimPoint Group examines how effective security leaders are at managing their programs as well as communicating needs and priorities to executives and boards at their organizations. It also offers insights about security program management practices along with advanced features like automation that many leaders are deploying to streamline their operations.

Security leaders are playing more significant roles in the boardroom and making higher-level management decisions than they previously did. But that influence comes with the price of more frequent scrutiny from senior executives and the resulting time spent in meetings.

The report found that 37.3 percent of security leaders meet quarterly with their board of directors, while nearly 40 percent meet with them monthly.

The bottom line is that, while security is a high priority and has made its way into the boardroom, operational processes and tools are still lacking that would positively impact the effectiveness of C-suite meetings. The goal of those meetings is to communicate security priorities and investment needs, but security leaders don't always succeed in relaying their most pressing needs and risks.

One of the issues is security leaders spend as much as 80 hours preparing for a single meeting with management, yet lack some of the valuable tools that would automate much of this prep work. Automation tools would successfully free up hundreds of hours per year for CISOs and other senior security leaders.

“The study confirms that while frequent interaction between security leaders and boards of directors has become the norm, CISOs struggle to communicate their risks, progress, needs, and priorities to top executives and boards of directors,” said Demetrios Lazarikos, co-founder of Blue Lava. “We're seeing more and more accountability at the board level for cybersecurity initiatives — the recent SEC Guidelines on Cybersecurity is a key initiative that supports this effort.”

Security leaders also believe there are many areas of their programs that need improvement, and that more value could be added by collecting security data more efficiently. Leaders also believe peer data can be used to benchmark their program performance and help define and implement a long-term security roadmap.

The research, conducted in December of 2021, queried 268 U.S. CISOs, CIOs and senior security and risk managers at organizations with 500 or more employees. Blue Lava and AimPoint found that a majority of organizations only conducted an annual assessment of the maturity and effectiveness of their security programs or only did so for audits or other special situations.

For the latest information about the cyber landscape, join MSP Expo 2022, delivering four days of education and networking specifically focused on the MSP community, including one full track dedicated to security.  MSP Expo 2022 takes place June 21-24, 2022 in Ft. Lauderdale, Florida and is collocated alongside the other #TECHSUPERSHOW events, including ITEXPO, Future of Work Expo, IoT Evolution Expo, The Blockchain Event, and more

Edited by Erik Linask
Get stories like this delivered straight to your inbox. [Free eNews Subscription]

MSPToday Contributing Editor

Related Articles

More Partners Look to Offer AI/ML Solutions, a Potential New Revenue Stream

By: Greg Tavarez    12/1/2023

A recent TD SYNNEX report revealed that 37% of partners have already incorporated AI/ML solutions into their offerings, and an additional 40% of partn…

Read More

Accenture Expands Footprint, Capabilities in Spain with Innotec Security Acquisition

By: Greg Tavarez    11/30/2023

Accenture expanded its capabilities and footprint in Spain, where 70% of CEOs from large organizations are concerned about their organizations' abilit…

Read More

Majority of Organizations Unprepared to Handle Targeted Cyberattack

By: Greg Tavarez    11/30/2023

The majority of CISOs and 53% of CEOs believe that their organization is unprepared to cope with a targeted cyberattack in the next 12 months, accordi…

Read More

Majority of IT Decision-Makers Opt for Service Provider Support in Cloud Migrations

By: Greg Tavarez    11/30/2023

Many IT leaders say they rely on service provider assistance for successful cloud migrations, according to a recent RapidScale study.

Read More

Alef and Frontera Collaborate and Expand Private Mobile Networks Platform Reach in Schools

By: Greg Tavarez    11/29/2023

Alef recently teamed up with Frontera Consulting Group to provide equal access to quality education, regardless of a student's economic background.

Read More