The vast majority of cybersecurity chiefs (93%) do not report to the CEO, according to a recently published report. As a result, a lack of communication between the C-suite and cybersecurity leaders keeps top executives largely in the dark about their organizations' cybersecurity risks and overall security posture.
The report, published by LogRhythm and based on research by the Ponemon Institute, polled 1,426 security and technology leaders. “On average, respondents are three levels away from the CEO, which makes it very difficult to ensure that leadership has an accurate and complete understanding of security risks facing the organization,” the report says.
Company executives aren’t as focused on security as they should be, instead letting security leaders shoulder most of the burden for protecting the organization. Since they don’t have enough influence with top executives, security leaders struggle to achieve a strong security posture customized to their organizational needs.
Business leaders tend to focus on other areas, such as building a skilled workforce, improving the corporate culture and refining the customer experience. “The importance of having people, process and technologies in place to proactively prevent and detect attacks from hackers, malicious insiders as well as negligent insiders is often being overlooked by the CEO and the board of directors.”
The Business Approach
It’s clear those in charge of cybersecurity need a stronger voice in the C-suite and board of directors. To be heard, security leaders must think in business ter ..
Support the originator by clicking the read the rest link below.
