Delinea’s international survey reveals the necessity to align cybersecurity and enterprise goals to mitigate dangers and obtain optimum outcomes.
When requested in regards to the Board and C-Suite’s understanding of cybersecurity throughout the group, solely 37% of respondents within the UAE and Saudi Arabia consider their firm’s management has a strong understanding of the function of cybersecurity as a enterprise enabler. Over a 3rd (34%) of respondents consider it is just thought-about vital by way of compliance and regulatory necessities, whereas one in 5 mentioned it’s not seen as a enterprise precedence. Moreover, simply over half of respondents (55%) consider there’s a “robust alignment” between enterprise and cybersecurity objectives.
The disconnect seems to have prompted no less than one unfavorable consequence for 94 p.c of regional respondents’ organizations, with greater than 1 / 4 (28 p.c) additionally reporting that it led to an elevated variety of profitable cyber assaults in opposition to their firm.
The affect of misaligned objectives on the cybersecurity posture of organizations within the UAE and Saudi Arabia was broad, contributing to delays in funding (42%), delays in strategic decision-making (41%) and pointless will increase in spending (33) . %).
There have been additionally penalties for the people themselves, with 31% of regional respondents reporting that it affected the whole safety group by way of stress. As well as, international financial uncertainty has worsened the state of affairs, with nearly all of respondents (61%) saying that aligning cybersecurity and broader enterprise goals is turning into more and more tough to attain.
Values and processes aren’t targeted on enterprise outcomes
Structural processes are key to aligning objectives, and encouragingly, the survey discovered that over two-thirds of safety groups (68%) meet usually with their enterprise counterparts on the highest degree. Moreover, a majority of 62% of firms within the UAE and Saudi Arabia have built-in safety group members into enterprise features. Nevertheless, the analysis confirmed that there’s nonetheless room for enchancment, as half of organizations don’t doc insurance policies and procedures to facilitate alignment, and one other 39% reported that alignment is advert hoc and “occurs solely when wanted” .
The report additionally revealed that the metrics used to measure and show the worth that cybersecurity offers. Curiously, improved expertise for enterprise customers (33%) was cited as an important measure of success, adopted by extra technical and activity-based metrics resembling assembly compliance objectives (32%) and lowering prices safety incidents (29%).
“Whereas safety groups look like extra embedded in organizational processes, it’s clear that almost all regional enterprises nonetheless fail to contemplate cyber safety as a aggressive benefit,” mentioned Mohammad Ismail, Regional Director – Center East, Delinea. “Extra worryingly, our report reveals that this disconnect interprets into delayed funding, which places the enterprise in danger. It is time for firm leaders to reevaluate their strategy to cybersecurity—seeing it not simply as a legal responsibility, however as a profit. middle.”
“Cybersecurity will be an vital driver for enterprise, however this analysis displays that there’s nonetheless work to be executed at board degree in altering mindsets. Government leaders want to consider cybersecurity not simply by way of ticking a compliance field or defending the corporate, but in addition by way of the worth it could present at a extra strategic degree,” mentioned Joseph Carson, Chief Safety Scientist and Advisory CISO at Delinea. .
Presenting the enterprise case to the board: gaps in ITSDM ability units and altering reporting strains
Growing enterprise ability units can present the trail to better alignment, nevertheless, respondents within the UAE and Saudi Arabia listed technical expertise as probably the most priceless cybersecurity leaders possess. They’re rated larger by expertise resembling communication, collaboration, enterprise acumen and folks administration.
Half (50%) of these interviewed felt that presenting the enterprise case to their board and C-Suite was a spot in their very own ability set, whereas communication expertise and the flexibility to deal with demanding conditions had been acknowledged as areas for enchancment by 42% of respondents.
Aligning objectives additionally includes reviewing reporting strains and visibility on the CEO degree. Nevertheless, the Delinea survey suggests there may be little urge for food for altering reporting buildings, as lower than a 3rd (31%) of regional ITSDMs consider that CISOs or senior cyber safety leaders ought to report back to the CEO to greatest aligns cybersecurity throughout the board. enterprise goals.
“Alignment between cybersecurity and enterprise objectives is important to success. This analysis clearly highlights the unfavorable penalties when groups’ objectives aren’t absolutely synchronized. Guaranteeing frequent settlement throughout enterprise features is important, and there may be actual worth in metrics that not solely measure safety exercise, but in addition show affect on enterprise outcomes,” added Carson. “Communication is essential, and whereas robust technical expertise are nonetheless vital, safety leaders want the flexibility to speak, affect and show the worth they add to enterprise outcomes extra regularly than ever. Safety leaders who show this mixture of expertise, and who’ve the identical finish objective in thoughts because the enterprise, are a drive to be reckoned with.”
For extra info, insights and steering, obtain a free copy of the complete report at https://delinea.com/assets/aligning-cybersecurity-and-business-outcomes