The survey, conducted in collaboration with SEC strategic alliance partner ISC2, identified emerging issues of joint interest as the most frequent drivers for the increase.
Comments from participants showed that many security leaders now view cooperation between functions as critical to organizational success and even survival. However, it doesn’t necessarily entail a structural convergence of the two functions.
“It is important for security leaders to realize that interaction and cooperation between corporate and cyber security does not require them to exist in the same reporting structure or report to the same person,” says Greg Kane, Senior Analyst of the Security Leadership Research Institute, the research arm of the Security Executive Council. “A cross-functional committee may produce a more effective solution for the business.” (For more information about this solution, see Making the Case for an Operational Risk Leadership Advisory Council.)
“Most people look at convergence of cyber and corporate security as an organizational structure issue, but the bottom line is, we are all talking about malicious intent, whether it’s delivered in person or digitally,” says Bob Hayes, Managing Director of the Security Executive Council. “Convergence isn’t about organizational structure. It’s about aligning risk and strategy, collective knowledge and skills, and optimizing and coordinating the identification, intervention, response, and remediation of risk.”
For the full results of the survey and participant commentary, click here. For more SEC resources on managing enterprise-wide risk, click here.
About the Security Executive Council
The Security Executive Council is the leading research and advisory firm focused on corporate security risk mitigation strategies and plans. We work with security leaders to transform security programs into more capable and valued centers of excellence. Watch our 3-minute video for a quick overview or visit us at www.securityexecutivecouncil.com.
Manager, External Relations