On Facts vs. Reality: Who’s Driving Cybersecurity Efforts

Without a doubt, parenting has been the most challenging thing I have ever undertaken in my 50+ years. But we’ve made it past the teenage years, and I couldn’t be happier. While there are many things that surprised me about raising children, the one thing I wasn’t ready for centered around our different realities.

How is it that my teenagers and I could look at the same situation and arrive at radically different descriptions? (Of course, when I was a teenager, the disconnect I had with my parents was due to the fact that they just didn’t “get” my generation! It’s not possible that the same could be said of me, could it?)

This phenomenon, of course, is not limited to parenting.

We observed a similar occurrence in the HIMSS 2016 Cybersecurity survey. When asked how their organization deploys staff to address information security, respondents generally described information security as an executive-level function (50.7%) as opposed to a non-executive responsibility or an external/outsourced function.

Yet when we analyze these responses by the respondent’s level within the organization, a different picture emerges. Executive respondents overwhelmingly (63.1%) considered information security to be an executive responsibility, with only 32.3% of executives assigning this to a non-executive function.

Non-executive respondents, on the other hand, saw things differently. Just over half (50.6%) of the non-executives considered information security to be driven by non-executive staff, while 41.2% claimed this to be an executive responsibility.

So what? Why is this seemingly insignificant data point relevant? The disconnect suggests there may be a misalignment between the views of executives and non-executives about who drives an organization’s cybersecurity efforts.

If non-executives tend to have a more elevated view of their influence over information security than their executive sponsor has in fact imputed to them, the foundation is being laid for a dysfunctional work environment. And the reality is, cybersecurity threats are too important for an organization to be distracted by “family” squabbles.


