Security remains an "afterthought" for businesses

Distrust between departments is hurting security by design

Only a third of new business initiatives bring in the security team right at the beginning, according to research from EY.

The analyst firm's annual Global Information Security Survey revealed that only 36% of business plans and projects bring in the security department at the start — despite six in ten saying their organization had seen an increase in attacks over the past year.

Advertisement - Article continues below

"If we ever hope to get ahead of the threat, we must focus on creating a culture of security by design," says Kris Lovejoy, EY Global Cybersecurity Leader. "This can only be accomplished if we successfully bridge the divide between the security function and the C-suite and enable the chief information security officer (CISO) to act as a consultant and enabler instead of the stereotypical roadblock."

Indeed, the EY research suggested a disconnect between the wider business and cyber security teams. While security teams work well with the wider IT department, as well as connected areas such as legal, risk and auditing, that's not true for other departments. According to the survey of 1,300 security leaders around the world, three quarters say the relationship between their own teams and marketing is at best neutral, with two-thirds saying the same with research. Perhaps more worrisome is that 57% report a strained relationship with finance — problematic when seeking budget.

"Cybersecurity has traditionally been a compliance activity, bolted on by a checklist approach instead of built into every technology-enabled business initiative," says Lovejoy. "This is not a sustainable model."

The solution, she said, is building trust. "As companies undergo transformation, what's needed is to build relationships of trust across every function of the organization, starting at the board level so that cybersecurity is established as a key value enabler," says Lovejoy. "Boards, senior management teams, CISOs and leaders throughout the business must collaborate to position cyber security at the heart of business transformation and innovation."

The research also uncovered a shift in the source of such attacks against organizations. While organized crime groups are still responsible for most cyber security incidents, at 23%, activism climbed to 21% of successful attacks from 12% the year before.

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now


cyber security

Report: 16.5 million Britons fell victim to cyber crime in the past year

1 Apr 2020
Amazon Web Services (AWS)

AWS launches Amazon Detective for investigating security incidents

1 Apr 2020

UK government to launch coronavirus 'contact tracking' app

1 Apr 2020
video conferencing

Zoom admits meetings don't use end-to-end encryption

1 Apr 2020

Most Popular


Google releases location data to show effectiveness of coronavirus lockdowns

3 Apr 2020
data management

Oracle cloud courses are free during coronavirus lockdown

31 Mar 2020

These are the companies offering free software during the coronavirus crisis

2 Apr 2020