Given the potential for cybersecurity lapses to wreak havoc on a company’s financial health, it may not be surprising that, by one measure, security and finance leaders are quite aligned with one another’s priorities.
But a closer look reveals notable differences in the two groups’ perspectives, with more finance executives expressing dissatisfaction, according to new research by Expel, a provider of managed detection and response services.
Among the survey participants — all at organizations with 5,000 or more employees — 87% of the 164 finance leaders, and 84% of the 136 on the security side, said the other group was at least somewhat aligned with their own team’s priorities. Additionally, they reported excellent collaboration, with 68% and 74%, respectively, saying they work together “early and often.”
Still, 46% of the security respondents, but only 35% of their finance counterparts, said the other side was “very” aligned with their priorities. And while 71% of security leaders rated their organization’s ability to measure cybersecurity’s business impact as fully or very mature, just 56% of finance leaders said the same.
Three in five of the security leaders said they weren’t fully confident that their organization’s cybersecurity investments were aligned with actual business risk exposure.
That presents a potential trouble spot. “Finance decision-makers generally view cybersecurity as strategically important for business planning,” Expel wrote in its survey report, with 85% saying it’s a key component and 55% characterizing it as a “core strategic driver.”
Another problematic survey finding is that the metrics security leaders report to finance are misaligned with what finance leaders want. For example, while the former are likely to report on the business impact of actual security incidents and the maturity level of the security program, finance executives are instead looking for reporting that weighs the costs and coverage of such programs.
“In fact,” Expel wrote, “program maturity level vs industry benchmarks is the second least-popular metric among surveyed finance leaders.”
With respect to collaboration, although finance and security leaders say they meet regularly for strategic planning, it’s not always a successful partnership. “Security leaders continue to struggle with familiar funding challenges, while finance teams contend with persistent cost and ROI concerns,” said Expel.
Just 38% of the surveyed finance leaders said they’re fully or very aligned with security on risk tolerance and budget expectations.
