Delinea, a renowned provider of solutions that seamlessly extend Privileged Access Management (PAM), today announced findings from a global survey of IT Security Decision Makers (ITSDMs) from across the globe – including the UAE and Saudi Arabia – revealing the impact of misalignment between the cybersecurity function and wider business.
Asked about the Board and C-Suite’s understanding of cybersecurity across the organization, only 37% of respondents in the UAE and Saudi Arabia think their company’s leadership has a sound understanding of cybersecurity’s role as a business enabler. Over a third (34%) of respondents believe that it is considered important only in terms of compliance and regulatory demands, while one in five said it is not seen as a business priority. Furthermore, just over half of respondents (55%) believe that there is a “strong alignment” between business and cybersecurity objectives.
The disconnect appears to have caused at least one negative consequence to 94% of regional respondents’ organizations, with more than a quarter (28%) also reporting it resulted in an increased number of successful cyber-attacks at their company.
The impact of misaligned goals on the cybersecurity posture of organizations in the UAE and Saudi Arabia was wide-ranging as it contributed to delays in investments (42%), delays in strategic decision-making (41%), and unnecessary increases in spending (33%).
There were also consequences for the individuals themselves, with 31% of regional respondents reporting it impacted the whole security team in terms of stress. Furthermore, global economic uncertainty has worsened the situation with the majority of those surveyed (61%) stating that aligning cybersecurity and broader business goals is becoming more difficult to achieve as a result.
Read more: Cybersecurity talent shortage a major concern for CISOs in UAE, Saudi
Room for improvement
Structural processes are key to aligning goals and, encouragingly, the survey revealed that over two-thirds of security teams (68%) meet regularly with their business counterparts at the highest level. Additionally, the majority 62% of companies in the UAE and Saudi Arabia have also embedded security team members within business functions. However, the research showed there is still room to improve, as half of the organizations are not documenting policies and procedures to facilitate alignment, and a further 39% reported that alignment is ad hoc and only ‘happens when needed.’
The report also brought to light that metrics are used to measure and demonstrate the value that cybersecurity delivers. Interestingly, improved experience for business users (33%) was cited as the most important measure of success, followed by more technical and activity-based metrics such as meeting compliance objectives (32%) and reducing the costs of security incidents (29%).
For more news on tech, click here.
