Around the world, security leaders say they are struggling to balance the need to appropriately secure their data and the need to maximise efficient use of this data to hit their business objectives, according to a study produced by analysts at Gartner, who found that only 14% of cyber leaders were keeping on top of this.
The analyst’s poll of 318 senior security leaders – conducted in the summer of 2024 – found 35% were confident they could secure data assets, and 21% were confident they could use data to achieve their business goals. The ability to do both was beyond six in seven.
Nathan Parks, senior specialist for research at Gartner, said this was clearly something that needed to be addressed.
“With only 14% of SRM leaders able to secure their data while supporting business goals, many organisations can face increased vulnerability to cyber threats, regulatory penalties and operational inefficiencies, ultimately risking their competitive edge and stakeholder trust,” he said.
In light of its findings, Gartner has developed a five-point checklist for security leaders – security and risk leaders, in its parlance – to better align their business needs to stringent data security requirements, and successfully achieve both effective data protection and business enablement goals:
- CISOs should try to ease governance-related friction for the business by co-creating data security policies and standards with input and feedback from end users across the business;
- They should try to align data security-related governance efforts by partnering better with the business’s other internal functions to identify areas of overlap and potential synergy;
- They should clearly identify and delineate any non-negotiable cyber security requirements that the business must absolutely meet when handling previously unknown or unexpected data security risks;
- On generative artificial intelligence (GenAI) and decision-making related to it, they should take care to define appropriate, high-level guardrails that enable stakeholders to experiment within set parameters;
- And finally, they should collaborate with the business’s data and analytics teams to secure board-level buy-in on data security levels.
The path to resilience goes straight through the boardroom
Gartner’s final point, on building more effective working relationships with senior leadership whose core work is not invested in cyber security, is a perennial thorn in the side of many security leaders, who frequently lament diverging attitudes.
This was highlighted in a recent study published by Cisco-owned security analytics and observability specialist Splunk, which polled chief information security officers (CISOs) in 10 countries, including the UK and US. Splunk found that CISOs were increasingly participating in boardrooms, but highlighted big gaps between their priorities and those of other board members.
For example, said Splunk, when it came to innovating with emerging tech, such as GenAI, 52% of CISOs spoke of this as a priority compared to 33% of other board members; on upskilling or reskilling cyber employees, 51% of CISOs thought this was a priority compared with 27% of board members; and on contributing to revenue growth initiatives, 36% of CISOs said they prioritised this, compared with 24% of board members.
Though the full report is more nuanced than these statistics might suggest, the study also showed that only 29% of CISOs thought they were getting the budget they needed to work effectively, while 41% of board members felt security budgets were absolutely fine.