
C-suite ignorance over cybersecurity puts businesses at risk: Report

Business leaders often struggle to understand cybersecurity, leading to miscommunications that can have serious consequences

Business executives in the UAE and Saudi Arabia are hesitant to acknowledge their lack of understanding when it comes to discussing cybersecurity issues, according to a recent study.

According to Kaspersky, a third of top managers in the UAE and Saudi Arabia are unfamiliar with key cybersecurity terms such as DDoS, cryptominers, and backdoors.

While cybersecurity is now an essential consideration for every business decision, many executives lack confidence that their cybersecurity budget is being allocated to the most significant risks facing their organisation.

The report revealed that C-suite executives sometimes struggle to comprehend their IT security peers and are often reluctant to show their confusion. In fact, 23 percent of non-IT executives in the UAE and Saudi Arabia said they would not feel comfortable admitting their lack of understanding during meetings with IT and IT security. Additionally, almost half of respondents (48 percent) felt embarrassed to reveal that they did not understand the topic. Despite regularly discussing security issues with IT security managers, a significant number of top managers were unable to explain key cybersecurity terms.

For example, 24 percent could not define a botnet, 28 percent could not define an APT, and 32 percent could not define a DDoS attack. However, terms such as Spyware, Malware, Trojan, and Phishing were more familiar to top managers.

Business leaders and non-IT personnel often struggle to understand cybersecurity, leading to miscommunications that can have serious consequences. Nearly all companies (98 percent) report experiencing some form of miscommunication related to IT security. This breakdown in communication has resulted in significant project delays for 67 percent of respondents and at least one cybersecurity incident for 62 percent of managers.

Additionally, 61 percent of those surveyed reported negative impacts on the business, including wasted budget, loss of valued employees, and damaged team relationships.

“Non-IT top management do not have to be experts in complex cybersecurity terminology and concepts and IT security executives should keep this in mind when communicating with the board,” said Sergey Zhuykov, Solution Architect at Kaspersky.

“To establish efficient cooperation, the CISO should be able to focus C-level attention precisely on meaningful details and clearly explain what exactly the company is doing to minimize cybersecurity risks. In addition to communicating clear metrics to stakeholders, this approach requires offering solutions instead of problems.”