
CISOs: Dedicated investment in security is still lacking

Despite the vast majority of chief information security officers providing direct advice to company directors, dedicated investment in security is still lacking, a new study has found.

Nine out of 10 CISOs say the board asks them to provide recommendations for the business, but half of companies still lump cybersecurity into the IT budget, according to the latest global survey of information security heads commissioned by Kaspersky.

The study revealed that 54% of survey respondents admit to having to share their organisation’s IT budget.

In Q3 of 2019, 451 Research conducted an independent study, commissioned by Kaspersky, to explore the various factors shaping information security from the perspectives of enterprise security leaders. The study surveyed 305 respondents that have senior or executive responsibility for cybersecurity in enterprises worldwide, with the findings revealing how the nature of cybersecurity and security leadership has evolved.

According to the study, top management seek advice from IT security leaders regardless of the organisation’s reporting structure, with only 23% reporting to the board. 

Business leaders need input from their CISO most often when an internal cybersecurity incident happens, as recognised by 60% of respondents. However, it’s not all about breaches: executives also seem to be proactive and mindful about how to protect the company now and in the future.

More than half (57%) of the surveyed IT security chiefs schedule meetings with the board on a regular basis, and 56% are requested to provide their expert opinions on future IT projects.

However, despite being visible and valuable to the board, CISOs still face difficulties when it comes to justifying necessary spending on IT security.

Having to siphon their expenses from the broader IT budget, 43% of those surveyed feel that they are in direct competition with other business and IT initiatives, making this one of the top three challenges they face when making the case for essential information security investment.

“As the study shows, boards of directors now understand that cybersecurity is an important part of business success. Nevertheless, there’s still a challenge for CISOs to be able to convert this understanding into actual support,” says Veniamin Levtsov, VP of Corporate Business at Kaspersky.

“Speaking business language instead of using technical jargon, focusing on how to solve problems and bringing in third-party expertise to justify meaningful measures are all key components to win over directors,” he says.

To help CISOs communicate effectively with their board of directors, Kaspersky recommends:

  • Shifting from ad hoc communications to regular sync-ups with the business leadership team. It will help to keep the board updated on the company's security measures and remain aware of strategic priorities.
  • Speaking in a language that top management understands. Executives rarely have a security or technical background, so try to avoid IT jargon and refer instead to specific business benefits and opportunities when speaking about security measures.
  • Making sure board members receive security training. This will not only help towards building a corporate-wide cybersecurity culture, but will also highlight the practical value and impact of effective cybersecurity measures.
     