There is a pressing issue in the cybersecurity space – the inability of IT employees to communicate effectively with management. The latest study in a series conducted by Tripwire and the Ponemon Institute is titled “Are Security Metrics Too Complicated for Management?” Over 1,300 IT professionals and those involved in business operations, risk management and compliance were surveyed and shared their opinions on the issues plaguing the industry.

What is the cause of all these communication issues?


The study revealed that one of the biggest issues is that in many cases the information is too technical to be shared with those outside of the IT space. While IT and online security teams are not alone when it comes to the snares of profession-based jargon, this is a real problem that can jeopardize the security of organizations big and small. Other responses indicate that:

• Executives are only privy to information if there is an actual incident;
• It takes too much time and resources to report security metrics;
• A startling 18% said that they believe management does not care.

This is a troubling phenomenon. Cybersecurity is in many cases an organizational effort that requires executive buy-in. Employees of all levels must respect the threats presented to their organization and understand the role they can play in protecting the business – even if it is something as small and simple as being mindful when downloading email attachments.

Having difficulty communicating with your executives and convincing others of the importance of cybersecurity?



Here are some suggestions to start the dialogue:


  • Use everyday language. Every industry has its own specific jargon that does not always make sense to those not working in the same sector. Whenever possible, use terms that are understandable to all audiences. If that is not possible, ensure you give clear definitions of any potentially unfamiliar terms.


  • Make sharing a routine. If compiling large reports at the end of every quarter is tedious and time-consuming, consider breaking them down and sharing information weekly. Consistent reporting and monitoring means that when it is time to compile everything, you already have the data at your fingertips.


  • Share your knowledge. There are lots of reasons people choose not to be invested in a topic. Often, it is because they are not really educated on it. If you want cybersecurity buy-in, you might have to put in the legwork to help executives and co-workers alike understand just why it is so important for your business. Share news articles on companies that are doing a great job at protecting themselves, as well as information on the increasing threats of online attacks and how they could impact your business. If applicable, consider holding town halls or informal lunch and learns on cybersecurity and your business.

TitanFile, 2013, How Do You Communicate with Management About Cybersecurity?, July 16, 2013