Chief Information Security Officers (CISOs) in enterprises across the globe are regularly summoned by their superiors to share insights on the cybersecurity posture of the organisation and to discuss security recommendations going forward.
However, this hasn’t translated into increasing budgets or improved security. In many instances, IT departments are forced to share their budgets with other parts of the organisation.
This is according to a new report by Kaspersky. It claims that almost nine in ten (89 per cent) CISOs are regularly summoned by the board of directors to discuss security (57 per cent have regular, scheduled meetings). In most cases, the topic is an internal cybersecurity incident.
But this hasn’t improved the budgets or the position of the security teams within an enterprise. As a matter of fact, more than half (54 per cent) of respondents admit they share their organisation’s IT budget with other departments. That makes a significant portion of them (43 per cent) feel they’re competing with other business and IT initiatives. For them, that’s one of their top three challenges.
“As the study shows, boards of directors now understand that cybersecurity is an important part of business success. Nevertheless, there’s still a challenge for CISOs to be able to convert this understanding into actual support. Speaking business language instead of using technical jargon, focusing on how to solve problems and bringing in third-party expertise to justify meaningful measures are all key components to win over directors,” comments Veniamin Levtsov, VP of Corporate Business at Kaspersky.