Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

New Ivanti Research Reveals 55% of IT & Security Professionals Believe that Non-IT Leaders Don’t Understand Vulnerability Management and 47% of Leaders Agree

July 2024 by Ivanti

Ivanti released its latest research report on Aligning Perspectives: Cyber Risk Management in the C Suite, which details the need for CISOs to effectively communicate risk up the chain of command.

© Diego Cervo

Cyber threats are advancing quickly in size and sophistication, largely because of the rapid evolution of technology, increasing sophistication of cyber attackers and the expansion of attack surfaces through interconnected systems and devices. Fully 95% of IT and security professionals believe security threats will be more dangerous due to AI — yet, despite that elevated risk, nearly one in three security and IT professionals have no documented strategy in place to address generative AI risks. In today’s environment, CISOs play an even more critical role in the organization as many of the decisions they make will affect the business as a whole.

Key findings from the report include the following:
• Leaders (outside of IT) are overconfident: Although 60% of non-IT leaders report being “very” or “extremely confident” in their organization’s ability to prevent or stop a damaging security incident in the next 12 months, just 46% of IT professionals shared that level of confidence. This gap suggests leaders outside IT may not truly understand the risks posed by mounting and increasingly aggressive cybersecurity threats.

• Vulnerability management is misunderstood: 55% of IT and security professionals state that non-IT leaders do not fully understand vulnerability management – and non-IT leaders largely agree – 47% state they don’t have a high-level understanding of vulnerability management. When leaders don’t understand vulnerability management, they may not realize how changing leadership priorities can impact the security of their organization. In fact, more than 1 in 4 IT professionals say patch management is undermined by changing leadership priorities.

• Leadership and security have misaligned perspectives on cyber risk: Executives outside IT are more likely to focus on financial, legal and reputational impacts than their IT and security counterparts. For instance, 24% of executive leaders label the reputational impact of cyber risks as ‘high’ compared to only 15% of CISOs.
“The role of the CISO is to effectively communicate the true risk that their organization faces and understand how different types of security incidents can impact the organization – now more than ever,” said Mike Riemer, Field CISO at Ivanti. “The threat landscape is growing increasingly volatile and unpredictable and CISOs are tasked with enabling employees to remain productive and secure. The success of the CISO organization is imperative to ensure the success of the entire organization, which explains why cybersecurity has elevated to being a board level discussion.”

The report outlines how CISOs can effectively quantify the impacts of security events on other business functions, use vulnerability management to effectively manage the cybersecurity risk of their organization and attain long-term buy-in from C-level executives for the CISO’s vision.


Methodology
This report is based in part on two surveys conducted by Ivanti in late 2023 and early 2024: “2024 Everywhere Work Report: Empowering Flexible Work” and “2024 State of Cybersecurity: Inflection Point.” In total, these two studies surveyed 16,200 executive leaders, IT professionals, security professionals and office workers. This report looks specifically at the 3,059 leaders, IT professionals and security professionals surveyed across the two studies.


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts