While every IT employee has an anecdote about the importance of a proper technology security solution, there's one phrase that constantly runs through the minds of executives—"show me the metrics."
Many business decision-makers only rely on the numbers when it comes time to update a process or invest in a new solution. However, all the metrics you can get your hands on mean nothing if there is a disconnect between the higher-ups and the IT departments when it comes to which ones should be considered.
That is what was discovered in a recent study by Ponemon. The report surveyed 24,550 individuals who work in IT operations, security, business operations, compliance/internal audit and enterprise risk management. According to the results, over 50 percent of respondents are either unsure or do not believe security metrics are helping align with business objectives.
The report speculates that the biggest reason for this is lapses in communication. The study found that over 50 percent of those surveyed believe that communication between executives and IT departments is not effective. Reasons cited include information being too technical, communication only happening when there is an issue and too much time needed to prepare a proper metric report for C-level personnel.
"Finding meaningful ways to successfully bridge this communication gap is critical to broader adoption of risk-based security programs," the article reads. "The onus for this effort clearly lies with IT security and risk professionals."
This is another example of how the IT world is changing. Technology professionals need to be able to walk in both the business and tech worlds seamlessly. Many organizations turn to their trusted VAR/MSP technology partners for expertise in these hybrid roles.