Story image

IT teams and management at odds over security policies, survey finds

10 Apr 17

New Zealand organisations are struggling to manage the multitude of issues surrounding cyber attacks - and many executives can’t even agree amongst themselves, a new study by Perceptive on behalf of Kordia has found.

According to the survey of 180 IT decision makers, medium-sized businesses are open to attacks, leaders have little confidence in data breach policies; and executives from the technical and business side cannot agree how to approach information security.

The research found that businesses are relatively well prepared to respond to attacks, there are gaps. Security is still just an IT issue rather than a company-wide discipline.

70% of respondents of organisations that have security policies are confident they can prevent a breach - however 46% CEOs and general managers disagree. 

“Cyber attackers thrive in gaps. While it’s good to see that most businesses are aware of the necessity for sound information security policies, procedures and enabling infrastructure, more needs to be done – particularly around training and policy implementation. And the ‘she’ll be right’ approach taken by medium-sized businesses is potentially leaving them wide open to attack,” says Scott Bartlett, Kordia Group CEO.

82% of respondents in organisations with more than 200 employees said there are enough tools to help them make informed security decisions - compared to 58% of those with 50-99 employees.

“Businesses with 20 to 99 employees are less well prepared as they likely don’t have the budget, the skills or the inclination to focus on information security. Instead, energies are more likely to be focused on operational issues,” Bartlett says.

70% of respondents overall said their organisation has security policies or training, but only 58% of medium-sized businesses have them.

The survey also picks up a lack of communication between chief executives/general managers and chief technology officers. Only 54% of CEOs/GMS know about the policies and training systems around online security, compared to 84% of IT staff.

Bartlett says technical staff are generally more confident because they’re involved in the design. He believe executives either don’t know enough, or they see an inadequate policy. 

He believes that disconnect is a problem, because security is everyone’s concern.

“It is encouraging that most companies do recognise the necessity for cyber security as a component of their IT and business organisation,” Bartlett notes.

“However, there is still work to be done in terms of making this a companywide issue, rather cyber security remaining in the domain of technical staff members. And both small and medium-sized businesses should realise that they are just as much in hackers’ crosshairs as their larger counterparts,” he says.

NZ Internet Task Force joins iSANZ Hall of Fame
NZITF chair Barry Brailey and former chairs Mike Seddon and Paul McKitrick received the award in Auckland last week.
Quantum computing: The double-edged sword for cybersecurity
Quantum computing is quickly moving from science fiction to reality.
Three ways to achieve data security whilst enabling BYOD
"A mobility strategy is now more important than ever before, that said, selecting the right one is often no small task."
How IoT and hybrid cloud will change in 2019
"Traditional VPN software solutions are obsolete for the new IT reality of hybrid and multi-cloud."
WatchGuard’s eight (terrifying) 2019 security predictions
The next evolution of ransomware, escalating nation-state attacks, biometric hacking, Wi-Fi protocol security, and Die Hard fiction becomes reality.
GCSB's CORTEX project scoops iSANZ Award
“I believe this award is particularly significant as it is acknowledgement from our peers in the information security industry and from across the private sector."
NZ firms lack cybersecurity confidence, HP survey says
Out of 434 of New Zealand’s small and large businesses, only half (50%) feel confident that they would be able to cope if they experienced a significant cybersecurity breach.
SonicWall secures hybrid clouds by simplifying firewall deployment
Once new products are brought online in remote locations, administrators can manage local and distributed networks.