Breaches cost companies billions, erode trust and can have a long-lasting negative impact on a company’s brand. With so much as stake, we wondered: are C-Suite executives aligned with their security and IT pros when it comes to cybersecurity?
We asked 345 C-Suite executives and cybersecurity/IT pros in the U.S., U.K., France and Germany some questions to find out.
Get the Free Pen Testing Active Directory Environments EBook
Dreading Data Loss: What are Executives’ Top 3 Cybersecurity Concerns?
Corporate executives share the same concerns as their security teams. When asked to name the top three cybersecurity concerns facing their organizations, both groups cited data loss and data theft/exfiltration as their top two concerns.
However, the two groups differed when naming their third main concern. The cybersecurity/IT pros focused on ransomware like 2017’s WannaCry, which cost organizations an estimated $4 billion in total damages in its wake. The C-Suite group was concerned with risks stemming from data alteration – an act of sabotage by changing critical information, such as code for an automated assembly line.
What Types of Data are Executives Most Concerned with Protecting?
An almost unbelievable 9.7 billion data records have been lost or stolen since 2013. Many of these were consumer accounts – everything from account information, email addresses, phone numbers, personal identifying information and more. When asked what type of data they were most concerned with protecting, both C-Suite executives and cybersecurity/IT pros prioritized customer or patient data and intellectual property. However, the C-Suite executives named protecting employee data over financial data as their third biggest data concern.
Business Impact of Data Breaches
When asked which business issues were affected by cybersecurity, both groups listed the same top three concerns, but in a different order. Cybersecurity/IT pros highlighted brand perception as their top business issue, while the financial-focused C-Suite named costs associated with breach (recovery, regulatory fines, etc.) as their top business issue.
Grading the Security Experts
Cybersecurity/IT folks are a confident bunch: 96% agreed with the statement “My organization’s IT/security planning and approach is aligned with organizational risks and objectives.” The C-Suite group, however, wasn’t as generous in doling out high marks: only 73% agreed. The results suggests that there’s more (team)work to be done to ensure both groups are united in fighting the same battle.
Moving the Cybersecurity Needle
C-Suite members were less likely to agree that their organization is making headway on improving their cybersecurity stance: 69% agreed with the statement “My organization is making measurable progress when it comes to cybersecurity.” The cybersecurity/IT respondents were far more optimistic, with 91% agreeing with this statement. With high-profile breaches hitting some of the largest companies around the world, executives may be more likely to feel like they’re treading water.
Speak Up, Security Pros
The vast majority – 94% of cybersecurity/IT experts – believe their company’s leadership team acts on their advice when it comes to security threats. Not so fast, say the executives: Only 76% report they take input and guidance from their IT and security staff regarding cybersecurity threats. Their responses suggest that security teams and IT pros could benefit from more face time, if not a seat at the executive table.
Quantifying the Cybersecurity Investment
According to Cybersecurity Ventures, spending on products and services will surpass $1 trillion over the next five years. We asked the C-suite and security/IT pros if they could quantify how their cybersecurity measures affected their business. Only 68% of the C-Suite group agreed, while 88% of the cybersecurity/IT group agreed – suggesting that executives need more information on how their cybersecurity investment and efforts are making a quantifiable impact on their company’s bottom line.
Data breaches and security missteps continue to keep C-level executives pacing in their corner offices. Factor in a new crop of data privacy regulations, from the GDPR to the California Consumer Privacy Act, and you’ve got concerned leaders worrying if the next big breach or lawsuit will hit their company – and potentially send them packing. Cybersecurity and IT pros have room to step up and be heard.
What should I do now?
Below are three ways you can continue your journey to reduce data risk at your company:
Schedule a demo with us to see Varonis in action. We'll personalize the session to your org's data security needs and answer any questions.
See a sample of our Data Risk Assessment and learn the risks that could be lingering in your environment. Varonis' DRA is completely free and offers a clear path to automated remediation.
Follow us on LinkedIn, YouTube, and X (Twitter) for bite-sized insights on all things data security, including DSPM, threat detection, AI security, and more.