Proper communication can prevent a lot of problems, whether in relationships or in cybersecurity.
Miscommunication between managers and IT departments or IT security teams led to at least one cybersecurity incident, such as a data breach, in 62 percent of companies surveyed, according to Kaspersky, a cybersecurity and anti-virus provider based in Russia.
Kaspersky’s global survey, conducted in October 2022, involved 1,300 business leaders across 25 countries.
This is significant because companies spend an average of 37 days and $2.4 million to detect and recover from a cybersecurity breach, according to a Forrester analytics survey.
Kaspersky also found that 98 percent of non-IT respondents experienced miscommunications regarding IT security.
The communication problems have led to serious project delays and cybersecurity incidents, which happened more than once for almost a third of the respondents.
Other adverse effects are wasted budgets, loss of a valued employee, and deteriorating relationships between teams.
Kaspersky also said unclear communication with IT-security employees can affect the emotional state of the team and make executives question IT-security employees’ skills and abilities.
Some 28 percent of executives also said they lose confidence in their business’s safety when there are misunderstandings with IT personnel, while 26 percent said they feel nervous.
Communication is key
These findings underscore the importance of clear communication between executives and IT security personnel in ensuring corporate business security, according to Alexey Vovk, Head of Information Security at Kaspersky.
“The challenge here is to put oneself in the others’ position, to anticipate and prevent serious misunderstandings. This means that, on the one hand, [chief information security officers] should know basic business language to better explain the existing risks and need for safety measures. On the other hand, business should also understand that information security in the 21st century is an integral part of business and is an investment in protecting company assets,” Vovk said in a statement.
Kaspersky recommends certain steps to improve communication between IT security and business functions.
It said there is a need for empathy, as well as additional knowledge, to understand professionals from another sphere. This means IT personnel could learn more about basic business terms and concepts, while non-IT officials could learn to put themselves in the IT personnel’s shoes and gain insight into relevant security challenges.
They should not enclose themselves in a professional “information bubble,” it said.
“Staying aware of the agenda in both the business and cybersecurity worlds is another key to successful communication and mutual understanding between them,” it said.
Another recommendation from Kaspersky is for cybersecurity experts to use reliable and understandable arguments when relaying their needs and budgets to company officials.
They should provide data about the most relevant threats and security measures, and say what needs to be done to address these.
Moreover, it said there is a need to invest in effective cybersecurity tools.