Security remains an "afterthought" for businesses

Distrust between departments is hurting security by design

Only a third of new business initiatives bring in the security team right at the beginning, according to research from EY.

The analyst firm's annual Global Information Security Survey revealed that only 36% of business plans and projects bring in the security department at the start — despite six in ten saying their organization had seen an increase in attacks over the past year.

"If we ever hope to get ahead of the threat, we must focus on creating a culture of security by design," says Kris Lovejoy, EY Global Cybersecurity Leader. "This can only be accomplished if we successfully bridge the divide between the security function and the C-suite and enable the chief information security officer (CISO) to act as a consultant and enabler instead of the stereotypical roadblock."

Indeed, the EY research suggested a disconnect between the wider business and cyber security teams. While security teams work well with the wider IT department, as well as connected areas such as legal, risk and auditing, that's not true for other departments. According to the survey of 1,300 security leaders around the world, three quarters say the relationship between their own teams and marketing is at best neutral, with two-thirds saying the same with research. Perhaps more worrisome is that 57% report a strained relationship with finance — problematic when seeking budget.

"Cybersecurity has traditionally been a compliance activity, bolted on by a checklist approach instead of built into every technology-enabled business initiative," says Lovejoy. "This is not a sustainable model."

The solution, she said, is building trust. "As companies undergo transformation, what's needed is to build relationships of trust across every function of the organization, starting at the board level so that cybersecurity is established as a key value enabler," says Lovejoy. "Boards, senior management teams, CISOs and leaders throughout the business must collaborate to position cyber security at the heart of business transformation and innovation."

The research also uncovered a shift in the source of such attacks against organizations. While organized crime groups are still responsible for most cyber security incidents, at 23%, activism climbed to 21% of successful attacks from 12% the year before.

Featured Resources

Navigating the new normal: A fast guide to remote working

A smooth transition will support operations for years to come

Download now

Leading the data race

The trends driving the future of data science

Download now

How to create 1:1 customer experiences at scale

Meet the technology capable of delivering the personalisation your customers crave

Download now

How to achieve daily SAP releases

Accelerate the pace of SAP change to support your digital strategy

Download now

Recommended

8 most secure web browsers
web browser

8 most secure web browsers

25 Sep 2020
Your essential guide to internet security
Security

Your essential guide to internet security

23 Sep 2020
How to enable private browsing on any device
privacy

How to enable private browsing on any device

22 Sep 2020
Third-party apps are tracking your WhatsApp activity
social media

Third-party apps are tracking your WhatsApp activity

21 Sep 2020

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
Microsoft hints at stand-alone successor to Office 2019 suite
Microsoft Office

Microsoft hints at stand-alone successor to Office 2019 suite

24 Sep 2020