Cyber-security is rarely out of the news these days, with large businesses and organisation under attack. This is now increasingly moving to medium-sized organisations, who are also seeing their capital, reputation and intellectual property challenged by new and insidious threats. However, according to IT solutions and managed services provider (MSP) EACS, while many IT teams are taking steps to improve their organisations’ security posture, their efforts are being hampered by an indifference to the topic within the broader C-suite.
A report by the Economist Intelligence Unit reveals a disconnect between the C-suite and IT teams when it comes to prioritising cyber prevention. Although cyber security ranked as the number one priority for IT teams, it languished in ninth place for the C-suite, far behind things like business growth and new customer acquisition.
For Kevin Timms, CEO of EACS, cyber-security can no longer just be seen as an issue for the IT department to sort out and senior management needs to become fluent in the language of security if they are to improve the way that their companies deal with threats.
Timms comments: “Cyber-attacks are rapidly growing in both number and severity and while that is broadly recognised at all levels of the organisations we speak to, there’s still a bit of a disconnect in the C-suite and a lack of responsibility, a gap which seems to be more distinct in medium-sized businesses. It is of course to be expected that the C-suite is focused on the business growth and to an extent it is understandable that there’s less focus on cyber-security because this is a primary area of focus for IT teams, but the fact is that the success of a business is increasingly contingent on its ability to protect itself from cyber threats and maintain the integrity of its data. The two need to go hand-in-hand and without sufficient support at the highest levels of a business, strong cyber-security measures will struggle to take hold.”
“It’s also important to remember that IT security is not just about building a bigger firewall, but the processes of the company and a shift in attitude. Everyone within a business needs to think about what they do on a day-to-day basis to make sure they behave in a way that is beneficial to the company as a whole; from the top down and vice versa.
“With the C-suite and the IT teams working collaboratively to understand the full impact of a cyber-attack on the business and outlining a full programme for prevention, there will be a greater recognition of the potential threats the business faces. Businesses need to dedicate time and resources to the issue, which can be achieved by enlisting the help of third parties like Managed Service Providers (MSP). By partnering with MSPs with the experience and expertise to deliver a comprehensive cyber-security programme, the C-suite can rest assure that their business has room to grow while the IT teams can focus on business development rather than worrying about security,” concluded Timms.