Most cyber risk programs ignore finance teams: Qualys


Dive Brief:

  • Most organizations still treat cybersecurity as an information technology concern, giving little weight to finance and other considerations, according to a recent study commissioned by cybersecurity firm Qualys.
  • Less than a quarter (22%) of companies include finance teams in their cybersecurity risk discussions, according to the research. While 49% of respondents said their organizations have established formal cybersecurity risk programs, only 30% reported that such programs are prioritized based on business objectives.
  • “Security programs that fail to align with operational, financial, and regulatory stakes are simply ineffective,” Mayuresh Ektare, vice president of product management at Qualys, said in a blog post on the research.

Dive Insight:

The vast majority (71%) of organizations believe their cyber risk levels are rising or holding steady, showing that many security investments are failing to move the needle, according to the blog post. Qualys found that just 14% of organizations use a cyber-risk approach that ties together integrated risk scenarios with financial measurements.

“[I]t’s clear…
