Report: The CEO and CTO Don’t See Eye to Eye on Cybersecurity

A new report from the tech firm Centrify makes the case that there’s a bit of a tug of war going on in the C-suite about who has the most say over cybersecurity issues. That, and the differences between the two executives, could create security issues down the road.

Cybersecurity is a tough issue to get right in any organization—and it can be tougher when the CEO isn’t on the same page with the technical staff.

That’s the key point of a recent report by the online security firm Centrify and WSJ Custom Studios, a noneditorial arm of the Wall Street Journal. The report, titled CEO Disconnect is Weakening Cybersecurity, breaks down the issues on the communication front between technical execs and the person at the top of the C-suite.

Case in point: Per the report [PDF], nearly two-thirds of CEOs (62 percent) see malware as the biggest cybersecurity threat facing the organization. However, technical officers (TOs) are more likely to see identity breaches as an issue (42 percent), compared with 35 percent citing malware as a problem.

And the disconnect also comes down to accountability—81 percent of CEOs say they’re the ones responsible for security strategies, while 78 percent of technical officers say they are.

This mismatch of expectations, highlighted by the survey of around 800 executives, could cause serious problems down the road, especially as TOs tend to have a stronger grasp of an organization’s security needs. This is highlighted by the fact that 79 percent of CTOs said they experienced a technical breach, but just 55 percent of CEOs said the same—a result that exposes a pretty significant knowledge gap. One other area that the report cites on the knowledge gap front is in regard to multifactor authentication—which 62 percent of CEOs said was the hardest part of identity management to control, compared to just 41 percent of technical officers.

“The disconnect between CEOs and TOs is resulting in misaligned priorities and strategies, as well as misinvestments in cybersecurity solutions, which are weakening security,” the report states.

In a news release, Centrify CEO Tom Kemp made the case that CEOs might want to let go of the reins a bit and suggested that a bit of old thinking was at play within the C-suite.

“While the vast majority of CEOs view themselves as the primary owners of their cybersecurity strategies, this report makes a strong argument that companies need to listen more closely to their technical officers,” Kemp stated. “It’s clear that the status quo isn’t working.”

(BernardaSv/iStock/Getty Images Plus)

Ernie Smith

By Ernie Smith

Ernie Smith is a former senior editor for Associations Now. MORE

Got an article tip for us? Contact us and let us know!