The majority (60%) of non-IT C-suite leaders are “very” or “extremely” confident in their organization’s ability to prevent, or stop, a destructive cyberattack in the next 12 months, new research has claimed.
However, a report from cybersecurity experts Ivanti found their IT peers think differently, causing frustration and suggesting that non-IT leaders don’t really understand the risks cyberthreats actually pose. In fact, less than half (46%) of IT professionals are equally confident.
The two sides have aligned in terms of vulnerability management. The majority of IT and security pros (55%) believe their peers don’t fully understand it, which is something 47% of the non-IT agrees with.
Failure to communicate
“When leaders don’t understand vulnerability management, they may not realize how changing leadership priorities can impact the security of their organization,” Ivanti argues. “In fact, more than 1 in 4 IT professionals say patch management is undermined by changing leadership priorities.”
The two sides have disparate priorities, Ivanti further notices. Non-IT execs are more focused on financial, legal, and reputational impacts than their IT peers. For example, a quarter (24%) of executive leaders label the reputational impact of cyber risks as ‘high’ compared to only 15% of CISOs.
For Mike Riemer, Field CISO at Ivanti, it’s the CISOs duty to “effectively communicate” the actual risks their organizations are faced with. “The threat landscape is growing increasingly volatile and unpredictable and CISOs are tasked with enabling employees to remain productive and secure,” he said. “The success of the CISO organization is imperative to ensure the success of the entire organization, which explains why cybersecurity has elevated to being a board level discussion.”
Over the past two years, cyberthreats have gotten significantly more complex, largely due to the introduction of generative artificial intelligence (genAI), Ivanti concludes. Today, almost a third of CISOs don’t have a documented strategy that addresses the elevated risk.