
Secure360

What to do when executives ignore security recommendations

August 4, 2016 by Secure360 and UMSA


In our previous post, we discussed many of the pressures that IT and security professionals face on a daily basis. The list is long, and one of the biggest pressures is to provide secure networks and systems at a time when major data breaches are highly publicized. IT professionals are working hard to keep their data secure, but often feel that their concerns are dismissed by business managers and executives who accept the risk instead of approving the proposed strategies.

Why executives may not be listening

There are many reasons why infosec personnel’s security and risk recommendations may not be accepted by executives:

  • Executives may feel better-suited for making risk decisions than information security professionals and are willing to accept the risk.
  • Executives may have become immune to security concerns expressed through fear, uncertainty or doubt.
  • Executives may be tired of making risk decisions, and find it easier to maintain the status quo instead of acting upon the security concerns.
  • Executives don’t understand the IT security risk, possibly because the infosec professional presents it in a context to which they cannot relate.
  • Executives and IT professionals speak different languages, causing a communication barrier.
  • Executives aren’t presented with practical options for handling IT security risks and feel the recommendations are too costly or difficult to act upon.

How to get executives to listen

While the increase in cybercriminal activity may be common knowledge, it may still be difficult to communicate the true implications of a breach to your board of executives. It’s necessary for a CEO to raise the priority of cyber security not just with the CIO, but across the C-suite and the board. Information can get trapped between departments, miscommunication and inconsistent security measures included. Leaders must work together to break down those barriers and create damage-prevention strategies that flow seamlessly from one department to the next.

Begin by calculating the true cost of an attack on your business. Breached companies are finding out the hard way that they didn’t predict what a breach would ultimately cost them. Next, consider how a breach will affect the overall health of your organization. A security breach will affect not only your market valuation but also the health of your reputation or image in the eyes of your customers and shareholders.

When it comes to accurately communicating risk to your board, put the implications in terms they can understand. Attend Secure360 Iowa on Monday, September 19 to learn 5 Ways to Improve Your Cyber Risk Communications.

Filed Under: Business Continuity Management, Cybersecurity, Risk and Compliance

About Secure360 and UMSA

The Secure360 and UMSA team is made up of professionals in the security and risk management industries. Topics of expertise include physical security, IT, risk management, cybersecurity, cloud, information security and records management.


Comments

  1. Laura Ray says

    June 27, 2017 at 11:06 am

    A lot of times I deal with IT managers. Most of the time they have these exact same troubles you discussed in your blog post. Over the past few months, I have read security blog after security blog. You are by far one of my favorites. It is refreshing to see someone who is targeting ground zero. Keep up the great work. 🙂
