Security Leaders Struggle to Communicate Risks and Needs

Security Leaders Struggle to Communicate Risks and Needs

By Laura Stotler

Security should top the list of priorities for business leaders, yet security leaders struggle to communicate their risks and needs to upper management. They also lack the tools required to automate some of their work.

New research from Blue Lava and AimPoint Group examines how effective security leaders are at managing their programs as well as communicating needs and priorities to executives and boards at their organizations. It also offers insights about security program management practices along with advanced features like automation that many leaders are deploying to streamline their operations.

Security leaders are playing more significant roles in the boardroom and making higher-level management decisions than they previously did. But that influence comes with the price of more frequent scrutiny from senior executives and the resulting time spent in meetings.

The report found that 37.3 percent of security leaders meet quarterly with their board of directors, while nearly 40 percent meet with them monthly.

The bottom line is that, while security is a high priority and has made its way into the boardroom, operational processes and tools are still lacking that would positively impact the effectiveness of C-suite meetings. The goal of those meetings is to communicate security priorities and investment needs, but security leaders don't always succeed in relaying their most pressing needs and risks.

One of the issues is security leaders spend as much as 80 hours preparing for a single meeting with management, yet lack some of the valuable tools that would automate much of this prep work. Automation tools would successfully free up hundreds of hours per year for CISOs and other senior security leaders.

“The study confirms that while frequent interaction between security leaders and boards of directors has become the norm, CISOs struggle to communicate their risks, progress, needs, and priorities to top executives and boards of directors,” said Demetrios Lazarikos, co-founder of Blue Lava. “We're seeing more and more accountability at the board level for cybersecurity initiatives — the recent SEC Guidelines on Cybersecurity is a key initiative that supports this effort.”

Security leaders also believe there are many areas of their programs that need improvement, and that more value could be added by collecting security data more efficiently. Leaders also believe peer data can be used to benchmark their program performance and help define and implement a long-term security roadmap.

The research, conducted in December of 2021, queried 268 U.S. CISOs, CIOs and senior security and risk managers at organizations with 500 or more employees. Blue Lava and AimPoint found that a majority of organizations only conducted an annual assessment of the maturity and effectiveness of their security programs or only did so for audits or other special situations.

For the latest information about the cyber landscape, join MSP Expo 2022, delivering four days of education and networking specifically focused on the MSP community, including one full track dedicated to security.  MSP Expo 2022 takes place June 21-24, 2022 in Ft. Lauderdale, Florida and is collocated alongside the other #TECHSUPERSHOW events, including ITEXPO, Future of Work Expo, IoT Evolution Expo, The Blockchain Event, and more

Edited by Erik Linask
Get stories like this delivered straight to your inbox. [Free eNews Subscription]

MSPToday Contributing Editor

Related Articles

ICYMI: From the MSP Market

By: Greg Tavarez    4/19/2024

Partnerships and product enhancements are on track to make waves in the MSP market.

Read More

Telesystem Launches #HackersSuck Cybersecurity Bundle

By: Greg Tavarez    4/19/2024

Telesystem shakes up the cybersecurity landscape with the launch of its #HackersSuck product bundles.

Read More

ExtraHop Prioritizes Customer Success with New Partner Program

By: Greg Tavarez    4/18/2024

ExtraHop launched its new partner program to create maximum value and opportunity for partners modernizing security infrastructures.

Read More

Cyware Makes Strategic Hire to Fuel Channel-First Strategy

By: Greg Tavarez    4/17/2024

Cyware recently appointed Stephan Tallent as the new Head of Managed Security Service Providers Program.

Read More

Guardians Upgrade Network with Windstream, Targeting Digital Edge

By: Greg Tavarez    4/16/2024

The Cleveland Guardians selected Windstream's services to bolster their IT performance, so it can use today's data-intensive sports applications witho…

Read More