Security remains an "afterthought" for businesses

Distrust between departments is hurting security by design

Only a third of new business initiatives bring in the security team right at the beginning, according to research from EY.

The analyst firm's annual Global Information Security Survey revealed that only 36% of business plans and projects bring in the security department at the start — despite six in ten saying their organization had seen an increase in attacks over the past year.

Advertisement - Article continues below

"If we ever hope to get ahead of the threat, we must focus on creating a culture of security by design," says Kris Lovejoy, EY Global Cybersecurity Leader. "This can only be accomplished if we successfully bridge the divide between the security function and the C-suite and enable the chief information security officer (CISO) to act as a consultant and enabler instead of the stereotypical roadblock."

Indeed, the EY research suggested a disconnect between the wider business and cyber security teams. While security teams work well with the wider IT department, as well as connected areas such as legal, risk and auditing, that's not true for other departments. According to the survey of 1,300 security leaders around the world, three quarters say the relationship between their own teams and marketing is at best neutral, with two-thirds saying the same with research. Perhaps more worrisome is that 57% report a strained relationship with finance — problematic when seeking budget.

Advertisement - Article continues below
Advertisement - Article continues below

"Cybersecurity has traditionally been a compliance activity, bolted on by a checklist approach instead of built into every technology-enabled business initiative," says Lovejoy. "This is not a sustainable model."

The solution, she said, is building trust. "As companies undergo transformation, what's needed is to build relationships of trust across every function of the organization, starting at the board level so that cybersecurity is established as a key value enabler," says Lovejoy. "Boards, senior management teams, CISOs and leaders throughout the business must collaborate to position cyber security at the heart of business transformation and innovation."

The research also uncovered a shift in the source of such attacks against organizations. While organized crime groups are still responsible for most cyber security incidents, at 23%, activism climbed to 21% of successful attacks from 12% the year before.

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now



University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020
Policy & legislation

Senators propose a bill aimed at ending warrant-proof encryption

24 Jun 2020

Most Popular


How to find RAM speed, size and type

24 Jun 2020
Policy & legislation

UK gov buys "wrong" satellites in £500m blunder

29 Jun 2020

The road to recovery

30 Jun 2020