Tripwire, one of the main providers of IT security management solutions, recently released the results of a new survey conducted with the Ponemon Institute. The study examined the gap between organizations' commitment to IT security management and their ability to develop the collaboration, communication tools and culture needed to protect the company.

The survey involved 749 U.S. professionals and 571 professionals in the United Kingdom across several sectors, including IT security, IT operations, IT risk management, business operations and enterprise risk management.

“Managing risks related to IT security is a complex problem in which predictability and results are constantly changing,” says Larry Ponemon, founder of the Ponemon Institute. “This means that even the most secure organizations are at risk, given the large number of variables involved. Good communication and collaboration inside the company are therefore essential.”

Survey Results

  • 64% of respondents said they do not communicate security risks to executives, or communicate them only when there is a serious problem.
  • 47% said collaboration between security management and executives is insufficient, non-existent or contradictory.
  • 51% described the communication of relevant risks as inefficient.

Why is communication inefficient?

  • 68% of respondents said communications are too isolated.
  • For 61%, the communicated information is too technical for non-technical management to understand.
  • 59% said information is filtered before being disclosed to executives or the CEO.

Dwayne Melancon, CTO of Tripwire, observed:

“This report clearly shows that most companies do not consider IT security risks in everyday business decisions. Changing this mindset requires IT professionals to develop new communication skills, so they can discuss security risks in terms relevant to business objectives.”

Communicating IT security risks is important to a company's operations. Organizations should therefore become aware of their real shortcomings in this area and implement policies that allow more effective communication between IT security management and executives.

If you have a portal, reserved area, website or application to protect, request a risk assessment from sector professionals. In Italy, EasyAudit will help you identify the vulnerabilities of your IT system. EasyAudit also lets you obtain the trustmark EasyAudit Checked, a guarantee for your customers.
