Spotlight on Australia: Security Leaders Struggle to Communicate Cyber Risk in Business Terms

Security leaders who align with the business are better prepared to help their organisations make risk-based decisions. So, why do so many security executives struggle to communicate cyber risk in business terms? The Rise of the Business-Aligned Security Executive: Spotlight on Australian Organisations, a commissioned study of 105 business and cybersecurity leaders in Australia conducted by Forrester Consulting on behalf of Tenable, provides insights into the challenges many infosec leaders face in bridging the disconnect.

Before they can improve alignment with the business, the study finds security organisations need the following:

• Holistic visibility of business-critical assets: Security leaders reported that they have limited visibility over important company assets. Only six out of 10 security leaders say they have ‘high or complete visibility’ into their organisations’ IoT and operational technology (OT). As a result, faew security leaders have a holistic understanding of their organisations’ modern attack surface.

• Security metrics that speak to business risk: Just four out of 10 Australian security leaders say they work with business stakeholders to align cost, performance and risk reduction objectives with business needs.

• Predictive business risk context for incoming threats: Forty percent of Australian security leaders aren’t confident that they have the technology to predict the impact of cyberthreats on their business.

The good news? When business and cyber are aligned, the results are significant. Business-aligned security leaders are eight times as likely as their more siloed peers to be highly confident in their ability to report on their organisation’s level of security or risk.

To achieve alignment with the business, CISOs and other security leaders need the right combination of technology, data, processes and people.