Study: Miscommunications in IT Security Frequently Lead to Cybersecurity Incidents

According to a new report from Kaspersky, 80% of top-tier managers in the U.S. admit that a miscommunication with the IT department or IT security team has resulted in at least one cybersecurity incident in their organizations. With regard to personal attitudes, the majority of non-IT executives cited a diminished sense of cooperation between different teams (43%) and said the situation makes them question their colleagues’ skills and abilities when communicating with their IT security employees (56%).

According to the study, 98% of non-IT respondents experienced miscommunications regarding IT security. With regards to consequences, most often a breakdown in communications leads to serious projects delays (81%) and cybersecurity incidents (62%). Among other negative effects are a wasted budget (73%) and the loss of a valued employees (75%).

In addition, unclear communication with IT security employees also affects the emotional state of employees and leads to executives questioning the skills and abilities of IT security employees. More than 40% of executives admit that misunderstandings make them lose confidence in business security, and 52% reported that their lack of confidence in the team makes them nervous, ultimately affecting their work performance.

“Clear communication between a company’s executives and IT security management is a prerequisite for corporate business security,” said Alexey Vovk, head of information security at Kaspersky. “The challenge is to put oneself in the others’ position and anticipate and prevent serious misunderstandings. This means that CISOs should know basic business language to better explain the existing risks and need for safety measures. On the other hand, business should also understand that information security is an integral part of business and budgeting for it is an investment in protecting company assets.”

Kaspersky conducted a global survey of more than 1,300 business leaders.

Channel Impact^®
Channel partners should help both IT and non-IT managers avoid locking themselves in a professional “information bubble.” Staying aware of the agenda in both the business and cybersecurity worlds is key to successful communication and mutual understanding between them. Cybersecurity specialists should use reliable and understandable arguments when communicating their needs to the board and justifying their cybersecurity budget.