IT pros lament 'awkward' security discussions with C-Suite

IT pros are having a hard time explaining things to senior management.

"The problem is not the problem. Your attitude towards the problem is the problem. Savvy?” - those are the words of the one and only Captain Jack Sparrow, and it seems it's is not just pirates of the Caribbean that can relate to these wise words, but IT professionals and their C-Suite executives, as well. In a new research report, released by Palo Alto Networks, IT professionals are actually having quite a hard time communicating cybersecurity problems to their superiors. 

In some instances, even harder time than combating the problem itself. More than half (51 per cent) of IT pros have said it’s ‘difficult to highlight possible security system weaknesses for senior management’, while the rest (49 per cent) said it’s more difficult actually admitting something’s wrong.  Almost a third (32 per cent) said that, following a breach, senior managers were usually confused about the whole thing. A third also said adding senior management to the problem only made it more difficult to solve.  

Here’s a funny finding – IT pros sometimes don’t report an incident. The third most common case for it is that it was caused by a member of the senior management team.  IT professionals have also said that it’s most awkward talking about cybersecurity breaches when human factor is to blame, followed by supplier errors.  

“The tensions and gaps in understanding illustrated by this study are apparent. As I talk to companies across EMEA, I spend a lot of time helping them determine how IT security professionals and the rest of the senior management team can get closer on cybersecurity issues that are so serious and strategic,” said Greg Day, vice president and regional chief security officer, EMEA, Palo Alto Networks.  

“Technology can help in simplifying the processes involved, preventing and automating effective responses to incidents. But it’s clear that there needs to be more open dialogue within the senior management team to execute and continually improve on cyberattack prevention strategies.”      

Image Credit: Debasige / Shutterstock