A cybersecurity incident in an organization isn’t always caused by a vulnerability in a system, or malware that worked its way inside – in many cases, it’s simply due to poor communication between the organization’s top management and the IT department (or IT security teams).
This is according to a new report from Kaspersky, which surveyed more than 1,300 business leaders on the importance of mutual understanding between execs and IT teams on cyber-resilience, finding miscommunication often playing a major role.
In fact, 97% of non-IT respondents said they experienced miscommunications regarding IT security, which lead to project delays (71%), and cybersecurity incidents (62%). To make matters worse, this is hardly a one-off – almost a third of respondents said such incidents occurred “more than once”.
Losing confidence
As a result, businesses waste their budgets, lose valuable employees, and experience deteriorating relationships between teams.
Some executives go as far as to question their employees’ skills and abilities, and lose confidence in their organization’s safety, all of which lead to nervousness which further hurts work performance.
To prevent communication breakdowns from leading to cyber-incidents, Kaspersky recommends executives educate themselves further on the work IT teams do, while security workers learn more about basic business terms and concepts. Both sides should not lock themselves in a professional “information bubble”, while cybersecurity pros should use “reliable and understandable” arguments when communicating their needs to the board.
Furthermore, organizations should spend their IT budgets on cybersecurity tools (opens in new tab) with “proven efficacy and ROI”, which should result in fewer false positives, and a shorter time of attack detection.
Putting the extra effort is worth it, Kaspersky concludes, citing a recent Forrester survey claiming organizations spend an average of 37 days and $2.4 million to detect and recover from a cybersecurity breach.