Australian Information Security Teams Lead the World by Focussing on Performance Targets Set by the Board
Announcement posted by emt Distribution 28 Nov 2019
Serious penalties for the CEO if security teams do not meet targets, new Australian and international research from Thycotic reveals
Adelaide, Australia – November 28, 2019 – Australian information security teams lead the world by focussing on performance targets set by the Board according to a new Australian and international study by Thycotic, a provider of privileged access management (PAM) solutions for more than 10,000 organisations worldwide.
Out of a sample of 100 Australian, 203 US, 102 UK, 100 German and 50 New Zealand IT security decision-makers, only in Australia did meeting performance targets set by the Board come out on top (chosen by 50% of respondents) when IT security teams were asked to describe what success looks like.
In the US more respondents rated success as meeting compliance demands (44%) above meeting performance targets set by the board (38%). In the UK, more people rated success as being valued by the company (45%) above meeting board performance targets (42%). In Germany and New Zealand more people rated success as just keeping everything running smoothly (48% in both) above meeting board performance targets (34% and 36% respectively).
More Australian respondents (67%) than any other country surveyed (US 66%, UK 61%, Germany 46%, NZ 62%) also agreed there are implications for the CEO if security teams are unable to meet security targets. Consequences for Australia CEOs range from headaches such as receiving a hard time from shareholders (49%) and longer hours spent on the job (48%) to serious penalties including lost bonus payments (36%) and even a threat to the job (51%).
Commenting on the findings, Joseph Carson, Chief Security Scientist and Advisory CISO at Thycotic says, “Australia’s Notifiable Data Breaches scheme has ushered in a new era where CEOs can and will be held accountable for IT security failures that occur on their watch. Today when cyber security teams do not meet their targets, it impacts the CEO with longer hours, shareholder pushback, job insecurity and bonus reductions.
“To minimise the risks, CEOs need to set IT security professionals proactive measures and appropriate budgets that demonstrate the positive contribution they make to overall business performance,” he continues. “A good example is to appoint an IT security professional with good communication skills in charge of cross-departmental co-operation. This has the dual advantage of putting IT security on a more proactive footing and increasing the chances of spotting/remediating digital risks early before they can escalate and cause trouble at Board level.”
To download the full report: click here.
Notes for Editors
Research Methodology
Thycotic, commissioned independent market research specialist Sapio Research to undertake the study. Sapio asked more than 500 IT security professionals in August 2019 how they measure success and their impact on overall business success.
The sample included 100 respondents from Australia from organisations with 500 employees or more from a range of private and public sectors. The survey also encompassed respondents from USA, the UK, Germany and New Zealand. Interviews were conducted online using a rigorous multi-level screening process to ensure that only suitable candidates were given the opportunity to participate.
Results referenced above all refer to Australian respondents only unless indicated otherwise.
About Thycotic
The easiest to manage and most readily adopted privilege management solutions are powered by Thycotic. Thycotic’s security tools empower over 10,000 organisations, from small businesses to the Fortune 500, to limit privileged account risk, implement least privilege policies, control applications, and demonstrate compliance. Thycotic makes enterprise-level privilege management accessible for everyone by eliminating dependency on overly complex security tools and prioritising productivity, flexibility and control. Headquartered in Washington, DC, Thycotic operates worldwide with offices in the UK and Australia. For more information, please visit www.thycotic.com.
Out of a sample of 100 Australian, 203 US, 102 UK, 100 German and 50 New Zealand IT security decision-makers, only in Australia did meeting performance targets set by the Board come out on top (chosen by 50% of respondents) when IT security teams were asked to describe what success looks like.
In the US more respondents rated success as meeting compliance demands (44%) above meeting performance targets set by the board (38%). In the UK, more people rated success as being valued by the company (45%) above meeting board performance targets (42%). In Germany and New Zealand more people rated success as just keeping everything running smoothly (48% in both) above meeting board performance targets (34% and 36% respectively).
More Australian respondents (67%) than any other country surveyed (US 66%, UK 61%, Germany 46%, NZ 62%) also agreed there are implications for the CEO if security teams are unable to meet security targets. Consequences for Australia CEOs range from headaches such as receiving a hard time from shareholders (49%) and longer hours spent on the job (48%) to serious penalties including lost bonus payments (36%) and even a threat to the job (51%).
Commenting on the findings, Joseph Carson, Chief Security Scientist and Advisory CISO at Thycotic says, “Australia’s Notifiable Data Breaches scheme has ushered in a new era where CEOs can and will be held accountable for IT security failures that occur on their watch. Today when cyber security teams do not meet their targets, it impacts the CEO with longer hours, shareholder pushback, job insecurity and bonus reductions.
“To minimise the risks, CEOs need to set IT security professionals proactive measures and appropriate budgets that demonstrate the positive contribution they make to overall business performance,” he continues. “A good example is to appoint an IT security professional with good communication skills in charge of cross-departmental co-operation. This has the dual advantage of putting IT security on a more proactive footing and increasing the chances of spotting/remediating digital risks early before they can escalate and cause trouble at Board level.”
To download the full report: click here.
Notes for Editors
Research Methodology
Thycotic, commissioned independent market research specialist Sapio Research to undertake the study. Sapio asked more than 500 IT security professionals in August 2019 how they measure success and their impact on overall business success.
The sample included 100 respondents from Australia from organisations with 500 employees or more from a range of private and public sectors. The survey also encompassed respondents from USA, the UK, Germany and New Zealand. Interviews were conducted online using a rigorous multi-level screening process to ensure that only suitable candidates were given the opportunity to participate.
Results referenced above all refer to Australian respondents only unless indicated otherwise.
About Thycotic
The easiest to manage and most readily adopted privilege management solutions are powered by Thycotic. Thycotic’s security tools empower over 10,000 organisations, from small businesses to the Fortune 500, to limit privileged account risk, implement least privilege policies, control applications, and demonstrate compliance. Thycotic makes enterprise-level privilege management accessible for everyone by eliminating dependency on overly complex security tools and prioritising productivity, flexibility and control. Headquartered in Washington, DC, Thycotic operates worldwide with offices in the UK and Australia. For more information, please visit www.thycotic.com.