Skip to main content

IT security programmes being delayed by board hold-ups

UK firms are split between a desire protect their products or their business when it comes to security priorities, according to new research.

A report from Optiv found that many UK IT security decision makers feel a lack of proper security focus and understanding in their business is harming overall growth potential.

Overall, nearly three in five IT leaders felt a lack of board understanding of security priories was making it impossible to get approval for their work, a critical issue when over half (56 percent) of firms required board sign off to begin their security programmes.

This led to only 23 percent saying they felt the rest of their business understands the security strategy extremely well. 

This constant need to stay on top of industry-wide issues alongside specific company priorities led nearly two out of three firms to say their security programme was "continuously reactive" in order to deal with constantly changing legislation, threats, and other external factors.

“Security teams that focus purely on the external threat are being left behind by the pace of business and digital change,” said Simon Church, Optiv’s general manager and executive vice president, Europe. 

“We are seeing a significant shift to a ‘business-first’ perspective among cyber leaders, which balances risk with the imperatives of the modern enterprise. However, many organisations are still married to the antiquated outside-in model, which is predicated on buying security technologies based on the latest trends and vulnerabilities in a problem and response manner. This approach allows the landscape, rather than enterprise objectives, to dictate security infrastructure and operations, and often ignores the other important elements of a successful security programme - people and process.”