
IT teams and management at odds over security policies, survey finds

10 Apr 17

New Zealand organisations are struggling to manage the multitude of issues surrounding cyber attacks - and many executives can’t even agree amongst themselves, a new study by Perceptive on behalf of Kordia has found.

According to the survey of 180 IT decision makers, medium-sized businesses are open to attacks; leaders have little confidence in data breach policies; and executives from the technical and business sides cannot agree on how to approach information security.

The research found that while businesses are relatively well prepared to respond to attacks, there are gaps. Security is still just an IT issue rather than a company-wide discipline.

70% of respondents from organisations that have security policies are confident they can prevent a breach; however, 46% of CEOs and general managers disagree.

“Cyber attackers thrive in gaps. While it’s good to see that most businesses are aware of the necessity for sound information security policies, procedures and enabling infrastructure, more needs to be done – particularly around training and policy implementation. And the ‘she’ll be right’ approach taken by medium-sized businesses is potentially leaving them wide open to attack,” says Scott Bartlett, Kordia Group CEO.

82% of respondents in organisations with more than 200 employees said there are enough tools to help them make informed security decisions - compared to 58% of those with 50-99 employees.

“Businesses with 20 to 99 employees are less well prepared as they likely don’t have the budget, the skills or the inclination to focus on information security. Instead, energies are more likely to be focused on operational issues,” Bartlett says.

70% of respondents overall said their organisation has security policies or training, but only 58% of medium-sized businesses have them.

The survey also picks up a lack of communication between chief executives/general managers and chief technology officers. Only 54% of CEOs/GMs know about the policies and training systems around online security, compared to 84% of IT staff.

Bartlett says technical staff are generally more confident because they’re involved in the design. He believes executives either don’t know enough, or they see an inadequate policy.

He believes that disconnect is a problem, because security is everyone’s concern.

“It is encouraging that most companies do recognise the necessity for cyber security as a component of their IT and business organisation,” Bartlett notes.

“However, there is still work to be done in terms of making this a companywide issue, rather than cyber security remaining in the domain of technical staff members. And both small and medium-sized businesses should realise that they are just as much in hackers’ crosshairs as their larger counterparts,” he says.
