IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Security remains an "afterthought" for businesses

Distrust between departments is hurting security by design

A hand reaching out to touch a holographic padlock

Only a third of new business initiatives bring in the security team right at the beginning, according to research from EY.

The analyst firm's annual Global Information Security Survey revealed that only 36% of business plans and projects bring in the security department at the start — despite six in ten saying their organization had seen an increase in attacks over the past year.

"If we ever hope to get ahead of the threat, we must focus on creating a culture of security by design," says Kris Lovejoy, EY Global Cybersecurity Leader. "This can only be accomplished if we successfully bridge the divide between the security function and the C-suite and enable the chief information security officer (CISO) to act as a consultant and enabler instead of the stereotypical roadblock."

Indeed, the EY research suggested a disconnect between the wider business and cyber security teams. While security teams work well with the wider IT department, as well as connected areas such as legal, risk and auditing, that's not true for other departments. According to the survey of 1,300 security leaders around the world, three quarters say the relationship between their own teams and marketing is at best neutral, with two-thirds saying the same with research. Perhaps more worrisome is that 57% report a strained relationship with finance — problematic when seeking budget.

"Cybersecurity has traditionally been a compliance activity, bolted on by a checklist approach instead of built into every technology-enabled business initiative," says Lovejoy. "This is not a sustainable model."

The solution, she said, is building trust. "As companies undergo transformation, what's needed is to build relationships of trust across every function of the organization, starting at the board level so that cybersecurity is established as a key value enabler," says Lovejoy. "Boards, senior management teams, CISOs and leaders throughout the business must collaborate to position cyber security at the heart of business transformation and innovation."

The research also uncovered a shift in the source of such attacks against organizations. While organized crime groups are still responsible for most cyber security incidents, at 23%, activism climbed to 21% of successful attacks from 12% the year before.

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Most Popular

Actively exploited server backdoor remains undetected in most organisations' networks
cyber attacks

Actively exploited server backdoor remains undetected in most organisations' networks

1 Jul 2022
Macmillan Publishers hit by apparent cyber attack as systems are forced offline
Security

Macmillan Publishers hit by apparent cyber attack as systems are forced offline

30 Jun 2022
Former Uber security chief to face fraud charges over hack coverup
data breaches

Former Uber security chief to face fraud charges over hack coverup

29 Jun 2022