It’s never easy to understand how the logic of capital benefit trumps the sensibility of strategic gain and yet throughout corporate Australia, it does.
Band aid measures have always been designed as a stop gap to prevent haemorrhaging while solutions are found, but it seems business has adopted an attitude of, ‘if the band aid is working then there’s no need to find a solution’, making it a flawed logic to accept.
Trying to understand why corporate Australia approaches solutions to problems in the way it does, is a minefield littered with danger. But at worst one can safely draw conclusions it’s the quality of personnel inexperienced at making key strategic moves which benefit the company.
The investment in education will always be a key to creating change and when business comes to finally understand the logic it applies is an ill-considered poorly thought through strategy along with its willingness to make the necessary economic investments it needs to.
Both education and investment will almost single-handedly eliminate the avalanche of problems it unwittingly creates for itself in a digital world where security is a regular headline issue. And one of those problems it unleashes is the burgeoning issues of the health of staff.
What is required is a rethink and change in attitude by corporate Australia toward the unrelenting pressure placed on employees, especially those who protect a company’s information systems and the data of its customers or clients.
Arming employees with tools and support mechanisms becomes critical in the battle to deliver best outcomes. But when support is minimised or denied, it leaves wide open the doors for security breaches and a negative impact on the health of employees.
Highlighting just what an impact lack of support provides by companies, was illustrated following a survey Security in Depth recently undertook with chief information security officers (CISOs) inside Australian businesses. What the survey uncovered as it sought to understand the life and challenges CISOs faced in their roles, displayed a disturbing trend of disregard and negligence by corporate executives and boards.
The results showed:
- 67 per cent of all CISOs surveyed believed they did not have the full support of the executive or the board with 82 per cent stating they believed it’s vital for them to have a seat at the table.
- 31 per cent of CISOs are struggling with work life balance, with 92 per cent not being able to switch off from work after coming home - stating they are taking work home at least four of the seven days, stating they are on call 24/7 365 days a year.
- One CISO openly stated being on call while travelling on holidays with family in Europe.
- 20.1 per cent of CISOs stated they are suffering from burnout.
- 71 per cent of CISOs claimed they do not have the people to support the job that is required.
- While 56 per cent stated they would not be in the same job within the next two years.
With all the damning negatives that lay perched at the hands of Australia’s corporate executives and their boards, the time has come now more than ever for them to act and ensure their manpower and assets aren’t impacted by naivety and a lack of desire to act.
CISOs are an integral force in ensuring our most important assets are secure and protected daily and yet are not valued.
There is the expectation they will keep companies safe and secure, and work long hours to achieve this, impacting their health, families, and careers.
Like the whistling winds of silence that echo through open plains, they scream and yet they are not heard, as boards focus on providing money for technology but fail to listen to CISOs or understand that people and processes matter as much as technology does.
Boards that do not provide CISOs with the right authority, autonomy or tools to manage these areas effectively will be creating a failed system incapable of living up to its expectations while its key assets are left to wither.
Michael Connory is the CEO of Security In Depth.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.