>
A cybersecurity incident in an organization is not always caused by a vulnerability in a system or by malware that has worked its way in. In many cases, it is simply due to poor communication between the top management of the organization and the IT department (or IT security teams). ).
This is according to a new report from Kaspersky, which surveyed more than 1,300 business leaders about the importance of mutual understanding between executives and IT teams for cyber resilience, with miscommunication often playing a major role.
In fact, 97% of non-IT respondents said they had experienced IT security miscommunications leading to project delays (71%) and cybersecurity incidents (62%). To make matters worse, this is hardly a one-off – nearly a third of respondents said such incidents occurred “more than once”.
Lose confidence
As a result, companies waste their budgets, lose valuable employees, and experience deteriorating relationships between teams.
Some executives go so far as to question their employees’ skills and abilities and lose confidence in their organization’s safety, all of which leads to nervousness that further impairs job performance.
To prevent communication breakdowns from leading to cyber incidents, Kaspersky recommends that executives continue to educate themselves about the work IT teams do, while security officers learn more about basic business terms and concepts. Both parties should not lock themselves into a professional “information bubble”, while cybersecurity professionals should use “trustworthy and understandable” arguments when communicating their needs to the board.
In addition, organizations should spend their IT budget on cybersecurity tools (opens in new tab) with “proven efficacy and ROI”, which should result in fewer false positives and a shorter detection time.
The extra effort is worth it, Kaspersky concludes, citing a recent Forrester study that claims that organizations spend an average of 37 days and $2.4 million on detecting and recovering from a cybersecurity breach.