Get All Access for $5/mo

A Lack of Communication on Cyber Security Will Cost Your Business Big (Infographic) IT professionals need to effectively communicate the real risks of data breaches to leaders.

By Ethan Oberman Edited by Dan Bova

Opinions expressed by Entrepreneur contributors are their own.

When it comes to cyber security, most CEOs don't get it. That was the conclusion of a recent survey of IT security professionals on the state of their companies' defenses against data leaks or malicious attacks.

The survey, sponsored by Websense and conducted by the Ponemon Institute, exposes the lack of communication between IT and upper management about the importance of cyber security and the damage a data breach can do to a company's public image and bottom line.

More than half of security professionals believe that their organizations' security controls don't provide adequate protection against advanced cyber attacks, according to more than 5,000 IT professionals from 15 countries including the U.S. The same portion of IT professionals said that executives fail to appreciate the value of putting effective security controls in place, and do not equate a data breach with financial loss. This echoes a similar study conducted last year, also by the Ponemon Institute, which concluded that a majority of IT professionals fail to communicate security risks effectively to upper management.

Related: CEOs Can No Longer Sit Idly By on Cybersecurity

It's time for a wakeup call. As the size and cost of data breaches continue to mount, CEOs must recognize the importance of protecting their companies' sensitive data. In this modern era, all enterprises are involved in handling valuable information. There is simply no room for lax practices, a concept that should be understood at all levels and not just among rank-and-file IT workers.

These reports show that along with managing and developing defenses against emerging security threats, IT security professionals also need to focus on informing upper management about the seriousness of security threats and convincing them to allocate adequate resources to protect against data breaches.

The high cost of low security. Financial repercussions of a data breach are huge -- an average of $5.4 million per organization, according to the 2014 Websense-Ponemon report. Last year, we witnessed massive data breaches that took place due to malicious programs such as the RAM Scraper malware and Ransomware.

The Target breach that affected millions of customers was the result of malware accessing point of sale terminals within the company's retail facilities. Target suffered a huge loss as a result of the data breach -- possibly as much as $1 billion.

CEOs and CIOs ultimately bear the responsibility of data breaches, which means there should be major incentives for everyone to help create better communication channels and work together to ensure implementation of strong security policies and practices within the organization.

Senior managers tend to view IT security as a luxury, not a necessity, and often fail to account for the financial implications of a data breach. In the midst of developing new products and services, security takes a backseat, as adding additional layers of security controls can impact time to market and potentially create a less-than-optimal user experience.

A stitch in time saves nine. While executives may view the longer product development cycles and additional security protocols as a drain on productivity, studies show that productivity costs are much greater for companies that fail to implement adequate security practices in advance.

Related: Cyber Safeguard Faces Big Hurdle

According to a study sponsored by HP Enterprise Security, 30 percent of the cost of a data breach was due to business disruption or lost productivity. The study found that companies that invest in adequate resources, appoint a high-level security leader, and employ certified or expert staff have cybercrime costs that are lower than companies that have not implemented these practices. The cost savings for companies deploying proper security governance practices is estimated at more than $1 million on average, according to the study.

So why are so few companies putting adequate focus on security and protecting sensitive data? Less than a third of companies have a crisis-containment plan in place for security breaches and failures, according to a report sponsored by IBM. The problem, we believe, lies in IT professionals not communicating the real costs and benefits of a comprehensive security strategy.

How to tell your boss to boost security protocols. To see how the communication between IT professionals and executives can be improved, it helps to take a look at the 2014 Websense-Ponemon report. The report found several key reasons why communication between executives and IT is so ineffective:

  • Communication stays within silos instead of spreading across the company.
  • Security talks occur at a low level, and are rarely brought to executives attention.
  • Security professionals warnings are too technical in nature, and don't translate the threats into easy-to-understand language.
  • Criticisms of existing practices are often filtered out before being presented to management.

Security pros can effectively tackle these issues by taking the following actions:

  • Ensure that cross-functional teams are allowed to communicate risks effectively, and that awareness of these risks spread beyond the walls of the IT department. People in engineering, sales and marketing also need to be aware of security risks.
  • IT professionals must turn technical details of security risks into information that can be easily comprehended and digested by upper management.
  • Finally, it is the responsibility of the CIO or top IT executive to address these issues directly with the CEO and executive team. This way, the issues are brought directly to their attention, and facts are not filtered out by intermediate players.

As more data moves into the cloud and across other devices, companies face a greater risk of losing sensitive information to attackers or unauthorized users. Ultimately, organizations that invest in more robust data protection face lower costs in the long run. That's the message that executives need to hear.

Click to Enlarge+
A Lack of Communication on Cyber Security Will Cost Your Business Big

Ethan Oberman

CEO and Co-founder of SpiderOak

Ethan Oberman is the co-founder and CEO of SpiderOak, the 'zero-knowledge' privacy cloud technologies provider.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Editor's Pick


ChatGPT is Becoming More Human-Like. Here's How The Tool is Getting Smarter at Replicating Your Voice, Brand and Personality.

AI can be instrumental in building your brand and boosting awareness, but the right approach is critical. A custom GPT delivers tailored collateral based on your ethos, personality and unique positioning factors.

Business News

Is the AI Industry Consolidating? Hugging Face CEO Says More AI Entrepreneurs Are Looking to Be Acquired

Clément Delangue, the CEO of Hugging Face, a $4.5 billion startup, says he gets at least 10 acquisition requests a week and it's "increased quite a lot."

Growing a Business

He Immigrated to the U.S. and Got a Job at McDonald's — Then His Aversion to Being 'Too Comfortable' Led to a Fast-Growing Company That's Hard to Miss

Voyo Popovic launched his moving and storage company in 2018 — and he's been innovating in the industry ever since.

Business News

You Can Now Apply to Renew Your U.S. Passport Online — But There's a Catch

The U.S. State Department officially launched the beta program this week.

Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.

Business News

Apple Reportedly Isn't Paying OpenAI to Use ChatGPT in iPhones

The next big iPhone update brings ChatGPT directly to Apple devices.