Cyber security teams often receive ‘unwarranted backlash’ from other enterprise stakeholders irked by precautions that can close down business operations deemed to pose security risks.
According to a report, The Department of No!, from cyber security training firm KnowBe4, many enterprise security departments have traditionally been perceived as unco-operative toward the achievement of business objectives.
Despite the fact that in most organisations, the cyber security function has ‘earned its seat at the conference table’ and is now an important part of board/c-suite leadership agendas, a reputation for being the department that says ‘no can do’ persists, the report suggests.
The Department of No! aims to provide insights into how to establish a positive, effective and generally successful security team at the base of organisations, says its lead author Javvad Malik, Security Awareness Advocate at KnowBe4 .
“We wanted to look further into why IT security departments are often perceived as barriers to business rather than vital partners in the process,” Malik said. “The Department of No! report walks through the habits of successful security teams and the ‘secret sauce’ that makes them work. The methodologies they have deployed could work for other organisations, as well as help transform employees’ entire perception of cyber security.”
Department of No! includes analysis of data from a soon-to-be released survey from KnowBe4 subsidiary CLTRe that provides information about cyber security culture from 120,050 employees working in 1,107 organisations located across more than 20 countries.