
Woburn, MA – February 13, 2023 – According to a Kaspersky survey, 20% of business executives prefer not to flag a lack of understanding when discussing cybersecurity issues. The study also reveals that one in ten C-level managers have never heard of threats such as Botnet, APT and Zero-Day exploit. The same proportion appeared to be unfamiliar with cybersecurity concepts like DevSecOps, Zero Trust, SOC and Pentesting. Kaspersky conducted this research to help IT and C-level executives find common ground and explore the root of their misunderstandings.

The survey findings indicate that C-suite executives sometimes struggle to understand their IT security peers and are not always ready to show their confusion. As a result, 33% of non-IT executives in the U.S. say they would not feel comfortable flagging that they don't understand something during a meeting with IT and IT security. Although most of them hide their confusion because they prefer to clarify everything after the meeting or choose to figure everything out by themselves, 36% don’t ask additional questions because they don’t believe their IT peers will be able to explain it in a clear way. Further, 43% reported that they feel embarrassed revealing they don’t understand the topic and don’t want to look ignorant in front of IT colleagues.

While all surveyed top managers regularly discuss security-related issues with IT security managers, more than one in ten respondents have never heard of threats such as Botnet (12%), APT (11%) and Zero-Day exploit (11%). At the same time, Spyware, Malware, Trojan and Phishing appeared to be more familiar to top managers. Further, more than one in ten top managers admit they have never heard of cybersecurity terms like DevSecOps (13%), Zero Trust (11%), SOC (11%) and Pentesting (11%).

“Non-IT top management are not experts in complex cybersecurity terminology and concepts, and IT security executives should keep this in mind when communicating with the board,” said Sergey Zhuykov, solution architect at Kaspersky. “To establish efficient cooperation, a CISO should be able to focus C-level attention precisely on meaningful details and clearly explain what exactly the company is doing to minimize cybersecurity risks. In addition to communicating clear metrics to stakeholders, this approach requires offering solutions instead of problems.”

To ease the communication between IT security and business functions within the company, Kaspersky recommends the following:

  • IT security should be positioned as a driver for growth and innovation in the organization. To achieve this, the IT security team should move away from prohibitive tactics and instead explain how the business can achieve its goals while mitigating cybersecurity risks.
  • The CISO should actively engage in operational activities and build relationships with the company’s stakeholders. With fewer than 20% of CISOs having established partnerships with key executives in sales, finance, and marketing, it is hard for them to stay abreast of the needs of the business.
  • When communicating with the board, use arguments based on an overview of threats by experts, your company’s attack status and best practices.
  • Explain to the board what the main responsibilities of the IT security team are. If possible, provide them with an opportunity to walk in a CISO’s shoes to get insights on the most relevant IT security challenges.
  • Allocate cybersecurity investments to tools with proven efficacy and ROI. This means tools that lower the level of false positives and reduce attack detection times, the time spent per case and other metrics that are important to any IT security team.

The full report and more insights on communication issues between C-level and IT security managers are available via the link.

About Kaspersky

Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 240,000 corporate clients protect what matters most to them. Learn more at usa.kaspersky.com.

Media Contact:

Cassandra Faro

Cassandra.Faro@Kaspersky.com

781-503-1812

 

Kaspersky study reveals basic cybersecurity terms unfamiliar to C-level executives
