C-suite and IT-suite don't seem to agree too much on cyber-threats

MUMBAI, INDIA: Indian businesses are under increasing risk from serious cyber-attacks, with a third (33 per cent) of the respondents expecting to be targeted within 90 days – a number higher than the Asia-Pacific region. And yet, CXOs and CIOs appear to be slicing the challenge in different ways.

VMware has shared findings of a study on corporate data security practices conducted by The Economist Intelligence Unit (EIU), which VMware sponsored globally. The research highlights growing cybersecurity vulnerabilities in India, with nearly eight in 10 IT and C-suite business leaders experiencing increased cyber-attacks on their firms in 2015.

A key finding from the study is the opposing view of the perceived importance of cybersecurity as a high-priority initiative in India. IT leaders (32 per cent) in India regard cybersecurity as their number one corporate priority, while only eight percent of C-suite business leaders share a similar point of view. Similarly, while 36 per cent of IT leaders believe security budgets will significantly increase in the next two years, only 21 per cent of C-suite business leaders foresee likewise.

“Forward-thinking organizations understand that the reactive security approach of today is no longer doing its job. They also acknowledge that people and systems can be easily bypassed or blindsided if the business lacks a ubiquitous IT architectural plan that cuts across all levels of compute, network, storage, clouds and devices,” said Arun Parameswaran, managing director, VMware India. “By taking a software-defined approach to IT, security is ‘architected’ into everything, empowering organizations to gain the flexibility required to succeed as a digital business.”

Critical risks identified by both groups were ‘unknown cyber threats that move faster than their defenses’, ‘resources and data that may unknowingly reside in the cloud’, ‘employees who are careless or untrained in cybersecurity’, and ‘illegitimate users and devices accessing corporate networks’.

As cyber threats grow in sophistication, any gaps in security resulting from a ‘disconnect’ between C-suite and IT leaders can lead to the loss of intellectual property, competitive positioning and customer data.

IT leaders must therefore become more conversant with business risks and objectives. By having deeper conversations and translating cyber risks into business terms, IT leaders can justify requests for more investment in security. The C-suite can then better understand the business implications associated with evolving threats and make informed decisions around strategy and budgets.