Story image

IT teams and management at odds over security policies, survey finds

10 Apr 17

New Zealand organisations are struggling to manage the multitude of issues surrounding cyber attacks - and many executives can’t even agree amongst themselves, a new study by Perceptive on behalf of Kordia has found.

According to the survey of 180 IT decision makers, medium-sized businesses are open to attacks, leaders have little confidence in data breach policies; and executives from the technical and business side cannot agree how to approach information security.

The research found that businesses are relatively well prepared to respond to attacks, there are gaps. Security is still just an IT issue rather than a company-wide discipline.

70% of respondents of organisations that have security policies are confident they can prevent a breach - however 46% CEOs and general managers disagree. 

“Cyber attackers thrive in gaps. While it’s good to see that most businesses are aware of the necessity for sound information security policies, procedures and enabling infrastructure, more needs to be done – particularly around training and policy implementation. And the ‘she’ll be right’ approach taken by medium-sized businesses is potentially leaving them wide open to attack,” says Scott Bartlett, Kordia Group CEO.

82% of respondents in organisations with more than 200 employees said there are enough tools to help them make informed security decisions - compared to 58% of those with 50-99 employees.

“Businesses with 20 to 99 employees are less well prepared as they likely don’t have the budget, the skills or the inclination to focus on information security. Instead, energies are more likely to be focused on operational issues,” Bartlett says.

70% of respondents overall said their organisation has security policies or training, but only 58% of medium-sized businesses have them.

The survey also picks up a lack of communication between chief executives/general managers and chief technology officers. Only 54% of CEOs/GMS know about the policies and training systems around online security, compared to 84% of IT staff.

Bartlett says technical staff are generally more confident because they’re involved in the design. He believe executives either don’t know enough, or they see an inadequate policy. 

He believes that disconnect is a problem, because security is everyone’s concern.

“It is encouraging that most companies do recognise the necessity for cyber security as a component of their IT and business organisation,” Bartlett notes.

“However, there is still work to be done in terms of making this a companywide issue, rather cyber security remaining in the domain of technical staff members. And both small and medium-sized businesses should realise that they are just as much in hackers’ crosshairs as their larger counterparts,” he says.

How to stay safe when shopping online
Online shopping is a great way to avoid the crowds – but there are risks.
Dell EMC embeds security in latest servers
Dell EMC's 14th generation of PowerEdge servers has comprehensive management tools to provide security across hardware and firmware.
Why data backups should be a part of daily operations
"Disaster recovery needs to address complete system failure and provide a set of security policies to govern disaster incidents."
Businesses focusing on threats from within - survey
Over 50% of respondents reported that 100 days of dwell time or more was representative of their organisation.
GCSB welcomes Inspector-General's report on intelligence warrants
Intelligence warrants can include surveillance, private communications interception, searches of physical places and things, and the seizure of communications, information and things.
Corelight and Exabeam partner to improve network monitoring
The combination of lateral movement and siloed usage of point security products leaves many security teams vulnerable to compromise.
SailPoint releases first identity annual report
SailPoint’s research found that many organisations are lacking maturity in their governance processes over identities.
Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."