KUALA LUMPUR, Jan 13 (NNN-Bernama) — Miscommunication with the information technology (IT) department or IT security team has resulted in at least one cybersecurity incident in 62 per cent of companies, global cybersecurity company Kaspersky revealed.
Kaspersky head of information security Alexey Vovk said that clear communication between a company’s executives and IT security management is a prerequisite for corporate business security.
“The challenge here is to put oneself in the other’s position, to anticipate and prevent serious misunderstandings. This means that, on the one hand, the chief information security officer should know the basic business language to better explain the existing risks and the need for safety measures.
“On the other hand, businesses should also understand that information security in the 21st century is an integral part of business and budgeting for it is an investment in protecting company assets,” he said in a statement Friday.
According to Kaspersky, a recent Forrester analytics survey says that companies spend an average of 37 days and US$2.4 million to detect and recover from a cybersecurity breach.
Kaspersky conducted a global survey of more than 1,300 business leaders to determine how much mutual understanding between executives and information security teams affects a company’s cyber resilience.
“According to the results of the study, 98 per cent of non-IT respondents experienced miscommunications regarding IT security.
“With regard to consequences, most often a breakdown in communication leads to serious project delays (67 per cent) and cybersecurity incidents (62 per cent),” it said.
The IT security company said among other negative effects are wasted budgets, the loss of a valued employee and deteriorating relationships between teams.
“In addition to worsening business indicators, unclear communication with IT-security employees also affects the emotional state of the team and makes executives question the skills and abilities of the IT security staff,” it said.
To make the communication between IT security and business functions within the company more transparent, Kaspersky recommended that staff realise that understanding professionals from another sphere require empathy and additional knowledge.
“Staying aware of the agenda in both the business and cybersecurity worlds is another key to successful communication and mutual understanding between them.
“Cybersecurity specialists should use reliable and understandable arguments when communicating their needs to the board and justifying their cybersecurity budget, and companies are also forced to increase their information security budgets,” it added.
— NNN-BERNAMA