What to do when executives ignore security recommendations

August 4, 2016 by Secure360 and UMSA

In our previous post, we discussed many of the pressures that IT and security professionals face on a daily basis. The list is long, and one of the biggest pressures is to provide secure networks and systems at a time when major data breaches are highly publicized. IT professionals are working hard to keep their data secure, but often feel that their concerns are dismissed by business managers and executives who accept the risk instead of approving the proposed strategies.

Why executives may not be listening

There are many reasons why infosec personnel’s security and risk recommendations may not be accepted by executives:

  • Executives may feel better suited to make risk decisions than information security professionals and are willing to accept the risk.
  • Executives may have become immune to security concerns expressed through fear, uncertainty or doubt.
  • Executives may be tired of making risk decisions, and find it easier to maintain the status quo instead of acting upon the security concerns.
  • Executives don’t understand the IT security risk, possibly because the infosec professional presents it in a context to which they cannot relate.
  • Executives and IT professionals speak a different language, causing a communication barrier.
  • Executives aren’t presented with practical options for handling IT security risks and feel the recommendations are too costly or difficult to act upon.

How to get executives to listen

While the increase in cybercriminal activity may be common knowledge, it can still be difficult to communicate the true implications of a breach to your board of executives. A CEO needs to raise the priority of cyber security not just with the CIO, but across the C-suite and the board. Information can get trapped between departments, miscommunication and inconsistent security measures included. Leaders must work together to break down those barriers and create damage-prevention strategies that flow seamlessly from one department to the next.

Begin by calculating the true cost of an attack on your business. Breached companies are finding out the hard way that they failed to predict what a breach would ultimately cost them. Next, consider how a breach will affect the overall health of your organization. A security breach will affect not only your market valuation but also your reputation or image in the eyes of your customers and shareholders.

When it comes to accurately communicating risk to your board, put the implications in terms they can understand. Attend Secure360 Iowa on Monday, September 19 to learn 5 Ways to Improve Your Cyber Risk Communications.

Filed Under: Business Continuity Management, Cybersecurity, Risk and Compliance

About Secure360 and UMSA

The Secure360 and UMSA team is made up of professionals in the security and risk management industries. Topics of expertise include physical security, IT, risk management, cybersecurity, cloud, information security and records management.

Comments

  1. Laura Ray says

    June 27, 2017 at 11:06 am

    A lot of times I deal with IT managers. Most of the time they have these exact same troubles you discussed in your blog post. Over the past few months, I have read security blog after security blog. You are by far one of my favorites. It is refreshing to see someone who is targeting ground zero. Keep up the great work. 🙂
