93% of security leaders don’t report to the CEO, LogRhythm says

Research from LogRhythm highlights a disconnect between business leaders and the evolving cybersecurity threat. The research suggests that 93% of security leaders do not report directly to the CEO and that, in many cases, nobody is held accountable at the time of the attack.

“We’ve seen the threat landscape evolve rapidly over the last 12-18 months and that means the C-Suite must understand and recognise changing risk profiles and empower IT security leaders to react,” said Andrew Hollister, deputy CSO and VP Labs at LogRhythm.

“The impact of lockdowns and quarantines on cybersecurity should be a wake-up call that ensures there is accountability for cyberattacks from security teams through to the CEO. If there are security risks that are not being addressed, IT security leaders should be able to provide recommendations and concrete actions that the CEO and board can approve or reject,” he added.

The survey of 1,426 security professionals, recently conducted by the Ponemon Institute on behalf of the vendor, found that 60% of organisations experienced cyber-attacks in the past two years and that in 35% of the cases nobody was held accountable at the time those attacks occurred.

The study shows that 60% of the respondents surveyed believe that IT security leaders should report directly to the CEO as it creates internal awareness of the security risks affecting the organisation. 

However, because the average security leader is three steps away from the CEO, only 43% of respondents say their organisation values and effectively leverages the expertise of IT security leaders, the survey revealed.

Almost half (46%) of respondents also said that top management does not have any confidence in IT security leaders when it comes to understanding business objectives. 

Kev Eley, VP sales of Europe at LogRhythm said the significant increase in staff working remotely has also created “a whole range of risk for IT security teams”.

“The research shows that this is now the biggest cybersecurity challenge facing organisations. ‘Work from anywhere’ scenarios have to shape security strategies and will require new budget and resource to manage,” Eley said.

“Any major shift in user behaviour requires security teams and organisations as a whole to review, revamp and strengthen their security posture. This makes collaboration and communication between the C-Suite and IT security teams essential,” she added.

These challenges have subsequently led to concerns around job security with 54% of respondents stating they are worried about the security of their job. 

A further 63% of the respondents surveyed cited the lack of funds to invest in the relevant technologies as the primary culprit, LogRhythm said.