A study reveals a lack of cooperation between German business and security officers, which has negative effects. The gap is also evident in how companies respond to the global pandemic.
Tenable, the cyber exposure company, identified a lack of collaboration between German business and security officials, which has proven to be detrimental to businesses, according to a new industry report. Sixty-six percent of German security officers said they did not work with business stakeholders to align cost, performance, and risk mitigation goals with the company's needs and priorities. For example, 45 percent of managers said they rarely consult with security officers when developing their company's business strategies.
Study with over 100 business and cybersecurity managers
The data come from information provided by participants in the German segment of the study “Now is the time for business-oriented security officers”. This study was carried out among 103 business and cybersecurity managers in Germany by Forrester Consulting on behalf of Tenable.
The global COVID-19 pandemic has exacerbated this discrepancy. Companies across Germany were feverishly trying to introduce and secure models for working from home. According to Federal Labor Minister Hubertus Heil, an estimated 25% of German employees work from home today, compared with 12% before the pandemic. According to the Forrester study, 75% of German business and security officials said their strategies for responding to COVID-19 are at best reasonably aligned. This is worrying when you consider that 55% of respondents were very or extremely concerned that coronavirus-related staff changes would increase their companies' risk levels.
Lack of transparency about environments
Even before the pandemic, the lack of transparency about new decentralized and dynamic environments was a major challenge for companies:
- Only 50% of the German security officers stated that they had a large or complete overview of the risk posed by remote employees. The fact that, in view of the pandemic, German companies had to provide opportunities to work from home in the shortest possible time has exacerbated this visibility problem.
- Sixty percent said they had a large or complete overview of the risk posed by their applications, data, IT devices, cloud platforms and IoT technologies.
- That number drops to just 50% who say they have a similar level of visibility into operational technology (OT) and mobile devices.
The consequences of this lack of cooperation between executives and the lack of visibility are proving to be detrimental for companies. Half of the respondents confirmed that their companies had suffered five or more business-damaging cyber attacks in the past two years. The effects of these attacks go beyond the loss of customer or employee data, as almost half (45%) of the respondents stated that the attacks had a negative effect on the company's ability to act. Forty-two percent of respondents said their company has had at least one business-damaging cyber attack related to COVID-19. In a time of economic uncertainty, organizations cannot afford the costly business repercussions of cyberattacks.
“Unprecedented Challenges”
“This year we are facing unprecedented challenges and the future is also full of uncertainty,” said Jens Freitag, Senior Security Specialist at Tenable. “Every day, security officers make conscious decisions about where to focus their limited resources, time, and efforts. But if these decisions are inconsistent with the company's overall risk management goals, it can do more harm than good. In our opinion, the study shows that security officers have previously struggled to keep an eye on their remote workers. And since companies have responded to COVID-19 without security being part of those strategic plans, we believe visibility may have deteriorated. This is really worrying considering that many employees have no plans to return to physical offices in the next few months, if at all. Instead of working in silos in isolation, security and business leaders should cooperate and take an offensive stance on cybersecurity risks, ensuring that the company and its most important functions are safe.”
Security teams must pull together with managers
The study found that security officers who coordinate with their business colleagues are better equipped to deal with cybersecurity problems. These business-oriented security officers are eight times more likely to be able to confidently answer the question “How safe or at risk are we?” than colleagues who tend to work in isolation. If security teams pull together with managers, they will be empowered to develop an informed, risk-based strategy that focuses on what matters most to the business.
Study background
Forrester Consulting conducted an online survey of 51 security officers and 52 business executives in April 2020 to examine cybersecurity strategies and practices in medium to large companies in Germany.
More on this in the study at Tenable.com
About Tenable
Tenable is a Cyber Exposure company. Over 24,000 companies worldwide trust Tenable to understand and reduce cyber risk. The inventors of Nessus have combined their vulnerability expertise in Tenable.io, delivering the industry's first platform that provides real-time visibility into and secures any asset on any computing platform. Tenable's customer base includes 53 percent of the Fortune 500, 29 percent of the Global 2000, and large government agencies.