Cybersecurity policy changes is hardest topic for C-level to discuss with IT colleagues


Utrecht, Feb. 2, 2023 - Every third C-level executive (36%) struggles to discuss changes to cybersecurity policies with their IT (security) colleagues. IT employees, in turn, find increasing the cybersecurity budget the most difficult topic to discuss with management. This and more is according to a survey by Kaspersky.

The majority of IT employees say the main reason for cutting the cybersecurity budget is that top management sees no reason to invest so much in that area. Kaspersky conducted a special survey to find out if this situation could be the result of unclear communication between IT security staff and executives, and to discover if there is a lack of mutual understanding between these two groups.

This survey also shows that nearly one in three Dutch senior executives surveyed (29%) believe that IT security staff should better communicate cyber risks. At the same time, only 1 in 10 cybersecurity employees admit to having some difficulty explaining aspects of their work to non-IT colleagues and executives.

Management and IT security professionals also differ on the most complicated topics to debate. The three most difficult topics for C-level executives to discuss with IT security staff are:

  • Changes to cybersecurity policies (36%)
  • Evaluating IT security team performance (28%)
  • Increasing cybersecurity awareness among employees (27%)

For IT employees, the top three most difficult topics to discuss with non-IT managers are:

  • The need to increase the IT security budget (51%)
  • Increasing cybersecurity awareness among employees (43%)
  • Expanding the IT security team (43%)

In addition to both agreeing that increasing cybersecurity awareness is important, they also agree that reports and figures help facilitate discussions about IT security issues. In addition, C-level executives indicate that real-world examples (43%) help them better understand IT security professionals. IT employees, on the other hand, believe that threat stories (50%) will help them better communicate with executives.

It can be assumed that non-IT executives have difficulty discussing changes to cybersecurity policies because of the plethora of complex technical terms and concepts often used by IT security executives. However, IT executives are reluctant to talk about increasing budgets because C-level executives expect them to use business metrics to justify their needs" - said Ivan Vassunov, VP, Corporate Products, Kaspersky. "Today, in a difficult economic climate and complex threat landscape, mutual understanding between these two groups is more important for business continuity than ever before. To avoid additional cybersecurity risks, it is crucial that both teams know how to speak a common language based on numbers, reliable references and understandable arguments."

Powered by


Expert reactions to first anniversary ChatGPT

Lawmakers from EU want to reduce tech dependency

New CEO of Binance discusses the future of the exchange

Cyberscams during the holidays: here's what you need to know

© Dutch Tech On Heels - 2023
Made with
Web Wings