Cybersecurity decision makers are viewed as the ‘police’ or ‘doom mongers’ by fellow employees, according to new research commissioned by Thycotic, an access management software provider.
The research was conducted with 100 IT security decision makers in the UK. It found that more than a third (38%) of respondents believe that they are viewed as the ‘policemen’ of their organizations, 30% feel that they are perceived as the ‘doom-mongers’ or disciplinarians, providing additional layers of process that can slow down people’s daily tasks.
Six percent feel that they were seen as a ‘necessary evil’ and a further 27% believe that other employees see the security team as something that runs in the background which they don’t really notice. Of most concern to business leaders, is when IT security decision makers were asked if they’d ever experienced negativity towards their team and their work, 13% said it happened “all the time”.
The results will be disheartening to CIOs and CISOs that are attempting to boost security within their organizations. Numerous research has shown that cyberattacks are on the rise – a report from global law firm Linklaters found that the number of significant cyberattacks had grown by more than 50 percent between 2016 and 2018. It revealed that there were 67 significant cyber incidents worldwide in January to October 2018, compared to 41 incidents in 2016. Cyberattacks can be damaging for organizations from a finance and reputation perspective.
According to the Thycotic research however, the issues could mount, as 56% of respondents feel they’re restricted by the board – and while 87% feel valued by the board, this doesn’t always translate into investment into cybersecurity, with 62% believing the board can’t always see the business case for security investments
“At a time when security teams are under huge pressure and play an increasingly strategic role within the company, it’s disappointing that they’re not feeling valued either by their co-workers or by senior executives,” said Joseph Carson, chief security scientist and advisory CISO at Thycotic.
“The fact that negative opinions are rife amongst employees also suggests that security teams need to work harder to communicate the strategic importance of their roles to the business and reinvent themselves as ‘facilitators’ rather than ‘enforcers’ who enable the business to run smoothly,” he added.