A Lack of Communication on Cyber Security Will Cost Your Business Big (Infographic)

IT professionals need to effectively communicate the real risks of data breaches to leaders.

learn more about Ethan Oberman

By Ethan Oberman • Jul 7, 2014 Originally published Jul 7, 2014

Opinions expressed by Entrepreneur contributors are their own.

When it comes to cyber security, most CEOs don't get it. That was the conclusion of a recent survey of IT security professionals on the state of their companies' defenses against data leaks or malicious attacks.

The survey, sponsored by Websense and conducted by the Ponemon Institute, exposes the lack of communication between IT and upper management about the importance of cyber security and the damage a data breach can do to a company's public image and bottom line.

More than half of security professionals believe that their organizations' security controls don't provide adequate protection against advanced cyber attacks, according to more than 5,000 IT professionals from 15 countries including the U.S. The same portion of IT professionals said that executives fail to appreciate the value of putting effective security controls in place, and do not equate a data breach with financial loss. This echoes a similar study conducted last year, also by the Ponemon Institute, which concluded that a majority of IT professionals fail to communicate security risks effectively to upper management.

Related: CEOs Can No Longer Sit Idly By on Cybersecurity

It's time for a wakeup call. As the size and cost of data breaches continue to mount, CEOs must recognize the importance of protecting their companies' sensitive data. In this modern era, all enterprises are involved in handling valuable information. There is simply no room for lax practices, a concept that should be understood at all levels and not just among rank-and-file IT workers.

These reports show that along with managing and developing defenses against emerging security threats, IT security professionals also need to focus on informing upper management about the seriousness of security threats and convincing them to allocate adequate resources to protect against data breaches.

The high cost of low security. Financial repercussions of a data breach are huge -- an average of $5.4 million per organization, according to the 2014 Websense-Ponemon report. Last year, we witnessed massive data breaches that took place due to malicious programs such as the RAM Scraper malware and Ransomware.

The Target breach that affected millions of customers was the result of malware accessing point of sale terminals within the company's retail facilities. Target suffered a huge loss as a result of the data breach -- possibly as much as $1 billion.

CEOs and CIOs ultimately bear the responsibility of data breaches, which means there should be major incentives for everyone to help create better communication channels and work together to ensure implementation of strong security policies and practices within the organization.

Senior managers tend to view IT security as a luxury, not a necessity, and often fail to account for the financial implications of a data breach. In the midst of developing new products and services, security takes a backseat, as adding additional layers of security controls can impact time to market and potentially create a less-than-optimal user experience.

A stitch in time saves nine. While executives may view the longer product development cycles and additional security protocols as a drain on productivity, studies show that productivity costs are much greater for companies that fail to implement adequate security practices in advance.

Related: Cyber Safeguard Faces Big Hurdle

According to a study sponsored by HP Enterprise Security, 30 percent of the cost of a data breach was due to business disruption or lost productivity. The study found that companies that invest in adequate resources, appoint a high-level security leader, and employ certified or expert staff have cybercrime costs that are lower than companies that have not implemented these practices. The cost savings for companies deploying proper security governance practices is estimated at more than $1 million on average, according to the study.

So why are so few companies putting adequate focus on security and protecting sensitive data? Less than a third of companies have a crisis-containment plan in place for security breaches and failures, according to a report sponsored by IBM. The problem, we believe, lies in IT professionals not communicating the real costs and benefits of a comprehensive security strategy.

How to tell your boss to boost security protocols. To see how the communication between IT professionals and executives can be improved, it helps to take a look at the 2014 Websense-Ponemon report. The report found several key reasons why communication between executives and IT is so ineffective:

  • Communication stays within silos instead of spreading across the company.
  • Security talks occur at a low level, and are rarely brought to executives attention.
  • Security professionals warnings are too technical in nature, and don't translate the threats into easy-to-understand language.
  • Criticisms of existing practices are often filtered out before being presented to management.

Security pros can effectively tackle these issues by taking the following actions:

  • Ensure that cross-functional teams are allowed to communicate risks effectively, and that awareness of these risks spread beyond the walls of the IT department. People in engineering, sales and marketing also need to be aware of security risks.
  • IT professionals must turn technical details of security risks into information that can be easily comprehended and digested by upper management.
  • Finally, it is the responsibility of the CIO or top IT executive to address these issues directly with the CEO and executive team. This way, the issues are brought directly to their attention, and facts are not filtered out by intermediate players.

As more data moves into the cloud and across other devices, companies face a greater risk of losing sensitive information to attackers or unauthorized users. Ultimately, organizations that invest in more robust data protection face lower costs in the long run. That's the message that executives need to hear.

Click to Enlarge+
A Lack of Communication on Cyber Security Will Cost Your Business Big

Ethan Oberman

CEO and Co-founder of SpiderOak

Ethan Oberman is the co-founder and CEO of SpiderOak, the 'zero-knowledge' privacy cloud technologies provider.

Related Topics

Editor's Pick

This Co-Founder Was Kicked Out of Retailers for Pitching a 'Taboo' Beauty Product. Now, Her Multi-Million-Dollar Company Sells It for More Than $20 an Ounce.
Have You Ever Obsessed Over 'What If'? According to Scientists, You Don't Actually Know What Would Have Fixed Everything.
Most People Don't Know These 2 Things Are Resume Red Flags. A Career Expert Reveals How to Work Around Them.
Business News

Survey: A Majority of Americans Are Living Paycheck to Paycheck

Sixty-four percent of U.S. consumers live paycheck to paycheck — even those who earn more than $100,000 a year.

Business News

Massive Fire At Top Egg Farm Leaves Estimated 100,000 Hens Dead. What Does This Mean For Egg Prices?

Hillandale Farms in Bozrah, Connecticut went up in flames on Saturday in an incident that is still under investigation.

Business Solutions

5 Procurement Trends To Keep on Your Radar for 2023

Procurement professionals must adapt to inflation and a shortage of skilled labor in the face of an economic recession. Investing in a workforce paired with retraining and development strategies will put your company on top amid economic uncertainty.

Business News

'This Just Can't Be for Real': Fyre Festival Fraudster Billy McFarland is Now Hiring For His New Tech Company -- And He's Already Selling Merch

McFarland was released from house arrest last September and is currently being ordered to pay $26 million in restitution to fraud victims.

Business News

Out With the Kibble and In With the Steak. The World's Richest Dog Has a Net Worth of $400 Million – And a New Netflix Docuseries Too

'Gunther's Millions' is set to unpack the pooch's mysterious fortune and what those around him have done with his inheritance.