Business and security officials are at odds

Meeting communication security officers

Share post

A study reveals a lack of cooperation between German business and security officers, which has negative effects. The gap is also evident in how companies respond to the global pandemic.

Tenable, the cyber exposure company, identified a lack of collaboration between German business and security officials, which has proven to be detrimental to businesses, according to a new industry report. Sixty-six percent of German security officers said they did not work with business stakeholders to align cost, performance, and risk mitigation goals with the company's needs and priorities. For example, 45 percent of managers said they rarely consult with security officers when developing their company's business strategies.

Study with over 100 business and cybersecurity managers

The data come from information provided by participants in the German segment of the study “Now is the time for business-oriented security officers”. This study was carried out among 103 business and cybersecurity managers in Germany by Forrester Consulting on behalf of Tenable.

The global COVID-19 pandemic has exacerbated this discrepancy. Companies across Germany were feverishly trying to introduce and secure models for working from home - according to Federal Labor Minister Hubertus Heil, an estimated 25% of German employees work from home today, compared with 12% before the pandemic. According to the Forrester study, 75% of German business and security officials said their strategies for responding to COVID-19 are at best reasonably aligned. This is worrying when you consider that 55% of respondents were very or extremely concerned that coronavirus-related staff changes would increase their companies' risk levels.

Lack of transparency about environments

Even before the pandemic, the lack of transparency about new decentralized and dynamic environments was a major challenge for companies:

  • Only 50% of the German security officers stated that they were able to largely or even completely overlook the risk posed by remote employees. The fact that, in view of the pandemic, German companies had to provide opportunities to work from home in the shortest possible time has exacerbated this visibility problem.
  • Sixty percent said they had a large or complete overview of the risk posed by their applications, data, IT devices, cloud platforms and IoT technologies.
  • That number drops to just 50%, who say they have a similar level of visibility into operational technology (OT) and mobile devices.

The consequences of this lack of cooperation between executives and the lack of visibility are proving to be detrimental for companies. Half of the respondents confirmed that their companies had suffered five or more business-damaging cyber attacks in the past two years. The effects of these attacks go beyond the loss of customer or employee data, as almost half (45%) of the respondents stated that the attacks had a negative effect on the company's ability to act. Forty-two percent of respondents said their company has had at least one business-damaging cyber attack related to COVID-19. In a time of economic uncertainty, organizations cannot afford the costly business repercussions of cyberattacks.

“Unprecedented Challenges”

"This year we are facing unprecedented challenges and the future is also full of uncertainty," said Jens Freitag, Senior Security Specialist at Tenable. “Every day, security officers make conscious decisions about where to focus their limited resources, time, and efforts. But if these decisions are inconsistent with the company's overall risk management goals, it can do more harm than good. In our opinion, the study shows that security officers have previously struggled to keep an eye on their remote workers. And since companies have responded to COVID-19 without security being part of those strategic plans, we believe visibility may have deteriorated. This is really worrying considering that many employees have no plans to return to physical offices in the next few months, if at all. Instead of working in silos in isolation, security and business leaders should cooperate and take an offensive stance on cybersecurity risks, ensuring that the company and its most important functions are safe. "

Security teams must pull together with managers

The study found that security officers who coordinate with their business colleagues are better equipped to deal with cybersecurity problems. These business-oriented security officers are eight times more likely to be able to confidently answer the question “How safe or at risk are we” than colleagues who tend to work in isolation: If security teams pull together with managers, they will empowered to develop an informed, risk-based strategy that focuses on what matters most to the business.

Study background

Forrester Consulting conducted an online survey of 2020 security officers and 52 business executives in April 51 to examine cybersecurity strategies and practices in medium to large companies in Germany.

More on this in the study at


About Tenable

Tenable is a Cyber ​​Exposure company. Over 24.000 companies worldwide trust Tenable to understand and reduce cyber risk. Nessus inventors have combined their vulnerability expertise in, delivering the industry's first platform that provides real-time visibility into and secures any asset on any computing platform. Tenable's customer base includes 53 percent of the Fortune 500, 29 percent of the Global 2000, and large government agencies.


Matching articles on the topic

Cybersecurity platform with protection for 5G environments

Cybersecurity specialist Trend Micro unveils its platform-based approach to protecting organizations' ever-expanding attack surface, including securing ➡ Read more

Data manipulation, the underestimated danger

Every year, World Backup Day on March 31st serves as a reminder of the importance of up-to-date and easily accessible backups ➡ Read more

Printers as a security risk

Corporate printer fleets are increasingly becoming a blind spot and pose enormous problems for their efficiency and security. ➡ Read more

The AI ​​Act and its consequences for data protection

With the AI ​​Act, the first law for AI has been approved and gives manufacturers of AI applications between six months and ➡ Read more

Windows operating systems: Almost two million computers at risk

There are no longer any updates for the Windows 7 and 8 operating systems. This means open security gaps and therefore worthwhile and ➡ Read more

AI on Enterprise Storage fights ransomware in real time

NetApp is one of the first to integrate artificial intelligence (AI) and machine learning (ML) directly into primary storage to combat ransomware ➡ Read more

DSPM product suite for Zero Trust Data Security

Data Security Posture Management – ​​DSPM for short – is crucial for companies to ensure cyber resilience against the multitude ➡ Read more

Data encryption: More security on cloud platforms

Online platforms are often the target of cyberattacks, such as Trello recently. 5 tips ensure more effective data encryption in the cloud ➡ Read more