Security Leaders Struggle to Communicate Risks and Needs


Security Leaders Struggle to Communicate Risks and Needs

By Laura Stotler

Security should top the list of priorities for business leaders, yet security leaders struggle to communicate their risks and needs to upper management. They also lack the tools required to automate some of their work.

New research from Blue Lava and AimPoint Group examines how effective security leaders are at managing their programs as well as communicating needs and priorities to executives and boards at their organizations. It also offers insights about security program management practices along with advanced features like automation that many leaders are deploying to streamline their operations.

Security leaders are playing more significant roles in the boardroom and making higher-level management decisions than they previously did. But that influence comes with the price of more frequent scrutiny from senior executives and the resulting time spent in meetings.

The report found that 37.3 percent of security leaders meet quarterly with their board of directors, while nearly 40 percent meet with them monthly.

The bottom line is that, while security is a high priority and has made its way into the boardroom, operational processes and tools are still lacking that would positively impact the effectiveness of C-suite meetings. The goal of those meetings is to communicate security priorities and investment needs, but security leaders don't always succeed in relaying their most pressing needs and risks.

One of the issues is security leaders spend as much as 80 hours preparing for a single meeting with management, yet lack some of the valuable tools that would automate much of this prep work. Automation tools would successfully free up hundreds of hours per year for CISOs and other senior security leaders.

“The study confirms that while frequent interaction between security leaders and boards of directors has become the norm, CISOs struggle to communicate their risks, progress, needs, and priorities to top executives and boards of directors,” said Demetrios Lazarikos, co-founder of Blue Lava. “We're seeing more and more accountability at the board level for cybersecurity initiatives — the recent SEC Guidelines on Cybersecurity is a key initiative that supports this effort.”

Security leaders also believe there are many areas of their programs that need improvement, and that more value could be added by collecting security data more efficiently. Leaders also believe peer data can be used to benchmark their program performance and help define and implement a long-term security roadmap.

The research, conducted in December of 2021, queried 268 U.S. CISOs, CIOs and senior security and risk managers at organizations with 500 or more employees. Blue Lava and AimPoint found that a majority of organizations only conducted an annual assessment of the maturity and effectiveness of their security programs or only did so for audits or other special situations.

For the latest information about the cyber landscape, join MSP Expo 2022, delivering four days of education and networking specifically focused on the MSP community, including one full track dedicated to security.  MSP Expo 2022 takes place June 21-24, 2022 in Ft. Lauderdale, Florida and is collocated alongside the other #TECHSUPERSHOW events, including ITEXPO, Future of Work Expo, IoT Evolution Expo, The Blockchain Event, and more

Edited by Erik Linask

MSPToday Contributing Editor

Related Articles

Tech Teams' New Priorities Engage MSPs

By: Greg Tavarez    7/1/2022

Fifty-two percent of organizations are focused on infrastructure modernization, and tech teams are engaging MSPs to help them achieve business goals.

Read More

Taking Email Signatures to the Next Level

By: Arti Loftus    7/1/2022

Pax8, a global cloud commerce marketplace, announced a global agreement with email signature management firm, Exclaimer Group

Read More

TP-Link Introduces Omada Solution for Multi-Dwelling Units

By: Greg Tavarez    6/28/2022

Private pre-shared Wi-Fi keys will offer MSPs and easy way to provide connectivity to multi-dwelling units with an easy-to-deploy authentication metho…

Read More

Will MSPs Be Successful in 2022?

By: Greg Tavarez    6/28/2022

MSPs, during this time of digital transformation, are offering businesses, especially small- and medium-sized businesses, 24/7 tech support.

Read More

MSPs Receive Benefits Through Dell Expert Network

By: Greg Tavarez    6/28/2022

To help IT consultants and MSPs that want to simplify the purchasing and reselling of Dell equipment, Dell is offering its Dell Expert Network program…

Read More