IT Security Professionals Suffering from an Image Problem
Research from cybersecurity firm Thycotic has revealed that the majority of UK IT security professionals feel they’re suffering from an image problem amongst fellow workers.
Nearly two thirds of respondents (63%) feel that their security teams are either viewed as the company naysayers – specifically either ‘doom mongers’ or a ‘necessary evil’ (36%).
The research, which was conducted with 100 IT security decision makers within the UK, revealed that more than a third of respondents (38%) believe that they’re viewed as the ‘policemen.’ Worryingly, when asked if they’d ever experienced negativity towards their team and their work, 13% said this happens ‘all the time.’
Almost three quarters (74%) of security professionals reported negativity or indifference regarding the introduction of new security measures and policies: with employees believing it will hamper their work (35%), or barely noticing them (39%).
When it comes to how they’re perceived by the C-suite, the research reports further challenges: 56% feel that they’re restricted by the board, which may be accounted for by the fact that only 41% of organisations have a CISO in place on the board.
Whilst the security team can be instrumental in business transformation, only 44% believe that the C-suite sees them as a positive force for innovation and just one in 10 respondents (13%) believe that the board sees them as helping the company to gain a competitive advantage.
Commenting on the findings, Joseph Carson, Chief Security Scientist and Advisory CISO at Thycotic notes, “At a time when security teams are under huge pressure and play an increasingly strategic role within the company, it’s disappointing that they’re not feeling valued either by their co-workers or by senior executives. The fact that negative opinions are rife amongst employees also suggests that security teams need to work harder to communicate the strategic importance of their roles to the business and reinvent themselves as ‘facilitators’ rather than ‘enforcers’ who enable the business to run smoothly.”
He continues: “Clearly instrumental in this will be achieving a greater representation of CISOs at board level and improving cross-departmental communications.”