sb-nz logo
Story image

Business security performance impacting bottom line - Thycotic

02 Dec 2019

Companies that fail to set their IT security teams targets that directly correlate with overall business performance are causing problems for their CEOs according to a new New Zealand and international study by Thycotic, a provider of privileged access management (PAM) solutions.

Out of a sample of 50 New Zealand IT security decision-makers around three quarters (74%) agree that their organisations struggle to align security initiatives to business goals.

And more than six out of 10 (62%) agree there are implications for the CEO if security teams are unable to meet security targets.

Consequences range from headaches such as receiving a hard time from shareholders (52%) and longer hours spent on the job (77%) to serious penalties including lost bonus payments (42%) and even a threat to the job (65%).

Interestingly, meeting performance targets set by the Board did not come out on top when IT security teams were asked to describe what success looks like.

More people rated success as just keeping everything running smoothly (48%) or achieving consistent pay increases and/or bonuses (42%) above performance targets set by the board (36%).

Commenting on the findings, Thycotic chief security scientist and advisory CISO Joseph Carson says, “We live in a new era where CEOs can and will be held accountable for IT security failures that occur on their watch. Today when cybersecurity teams do not meet their targets, it impacts the CEO with longer hours, job insecurity, shareholder pushback, and bonus reductions.

“To minimise the risks, CEOs need to set IT security professionals proactive measures and appropriate budgets that demonstrate the positive contribution they make to overall business performance,” he says.

“A good example is to appoint an IT security professional with good communication skills in charge of cross-departmental co-operation. This has the dual advantage of putting IT security on a more proactive footing and increasing the chances of spotting/remediating digital risks early before they can escalate and cause trouble at Board level.”

Research methodology

Thycotic commissioned independent market research specialist Sapio Research to undertake the study. Sapio asked more than 500 IT security professionals in August 2019 how they measure success and their impact on overall business success.

The sample included 50 respondents from New Zealand from organisations with 500 employees or more from a range of private and public sectors.

The survey also encompassed respondents from the USA, the UK, Germany and Australia.

Interviews were conducted online using a rigorous multi-level screening process to ensure that only suitable candidates were given the opportunity to participate.

Results referenced above all refer to New Zealand respondents only.

Story image
DDoS campaigns, BEC scams & Emotet: CERT NZ reports top security threats
It has been yet another tumultuous quarter for New Zealanders and their wallets, with almost $6.4 million in reported financial losses due to cybersecurity incidents.More
Story image
Voice phishing attacks on the rise, remote workers vulnerable
There is an increase in voice phishing attacks, where hackers use existing employee names in attempt to trick victims into sharing login credentials and data by phone.More
Story image
Video: 10 Minute IT Jams - Vectra AI exec discusses cybersecurity for Office 365
In Techday's second IT Jam with Vectra AI, we speak again with its head of security engineering Chris Fisher, who discusses the organisational impact of security breaches within Microsoft O365, why these attacks are on the rise, and what steps organisations should take to protect employees from attacks.More
Story image
Fortinet named Leader in Gartner Magic Quadrant for Network Firewalls
It is 11th time the company has been recognised in the annual report.More
Story image
Palo Alto Networks launches enterprise data loss prevention service
"As a single centralised cloud service, Palo Alto Networks Enterprise DLP can be deployed across an entire large enterprise in minutes with no need for additional infrastructure."More
Story image
Data leakage concerns dominate cloud security perceptions - Bitglass report
How secure is the public cloud? That’s what many IT and security professionals are asking as data leakage becomes a pressing concern for organisations and their data protection strategies.More