IT employees and executives have significantly different perceptions of cybersecurity risks, a new report by ERP Maestro has revealed. The survey, conducted by Americas’ SAP Users Group (ASUG) in May of 2018, revealed that executives have a much more optimistic view of their company's cybersecurity, with only 25% of all executives reporting that they were very or extremely concerned about security. In stark contrast, 80% of IT and security employees answered in the affirmative when asked the same question.
On the difference in perceptions on cybersecurity within IT departments, ERP Maestro CEO Jody Paterson said, "This doesn't mean that executives aren't concerned about security. It does, however, indicate that they may be less aware of true risks and vulnerabilities because they don't have full visibility or are removed from the direct day-to-day security tasks."
Insights from the survey have revealed that executives are also more likely to overestimate their company's security. As the decision-makers who are usually in control of budgets, this means they might be less likely to invest in the right tools IT needs to curb impending threats due to their inflated sense of their company’s own security.
Visit Innovation Enterprise's Cheif Data Officer Summit in Singapore July 11-12, 2018
This disconnect between the two sides of organizations may also hurt its preparedness and impede the formation of an adequate cybersecurity strategy. Only 33% of survey respondents said their company currently had a defined cybersecurity strategy.
The survey, however, uncovered an interesting link between strategy and automation: Companies which reported to have a cybersecurity strategy were more likely to rely on automated solutions, which ERP Maestro concluded was ultimately a positive.
As Peterson explains, "Companies can improve their factual knowledge of risks with tools that improve visibility, monitoring and control of access automatically. They can also close the gap between executives and IT with better reporting, communication and joint participation in designing security strategies."