When it comes to cybersecurity, chances are your clients talk the talk a whole lot better than they walk the walk.
So finds a new report, entitled Tilting the Playing Field: How Misaligned Incentives Work Against Cybersecurity, from Intel Security and the Center for Strategic and International Studies (CSIS).
This new 34-page report is based on Intel and CSIS’s recent survey of 800 cybersecurity pros worldwide. Respondents included both security executives and operators working at organizations that employ at least 500 people and are in one of five industries: IT/telecom, finance, healthcare, public education and government.
“Cybercriminals have the advantage,” the report begins. Driving that advantage, it adds, are 3 big forces:
> Corporate structures: Bureaucracy and top-down decisions are the norm at most larger organizations. While that may be fine for running the business, it’s not so fine for fighting cybercrime. The bad guys, unlike business leaders, operate in a fluid, decentralized environment, one that allows them to be agile and quick to adapt. That puts businesses at a huge disadvantage.
> The strategy-implementation disconnect: Talking the talk, more than 90 percent of respondents said their organizations have a cybersecurity strategy. But walking the walk, fewer than half say those strategies have actually been implemented. The result? Nearly 85 percent of respondents said their organizations have suffered a cybersecurity breach.
> Perceptions of reality: The higher the job title, the better things look. When asked if their organizations’ cybersecurity strategy was fully implemented, about 55 percent of executives answered yes. But among operators, only about 45 percent said yes. The report suggests the gap is caused by differing metrics. Execs tend to include organizational goals such as cost control and reputation, while operators tend to focus solely on technical measures.
How to help clients improve their cybersecurity? The Intel/CSIS report points to several actions solution providers can suggest, including:
> Provide incentives: Cybersecurity professionals say they’d like to receive more incentives for good work. These include financial bonuses, recognition and awards, promotions and paid time off.
> Work with government: More than 85 percent of respondents said public-private partnerships around cybersecurity are either very or somewhat useful.
> Implement Security as a Service: With cybercrime cloud-based and flexible, protective measures need to be, too. Security services provided by a managed security services provider can not only offer highly effective protection, but also lower costs. And if that MSSP is you, all the better.