
Communication gaps between IT departments and senior corporate leadership worsening application security risks

New research by Dynatrace finds that boardrooms are often confounded by their security teams’ techno-babble and an inability to convey how the risk of breaches could impact wider corporate operations.

By Greg Noone

New research has found that communication gaps between IT security teams and senior corporate leadership could lead to serious gaps in application security. According to a survey by Dynatrace, 87% of CISOs polled said that security in this area needed to be improved, while three-quarters also reported that commonly used security tools are failing to generate the kinds of insights into company-wide cybersecurity demanded by boardrooms. 

“Many CISOs are struggling to drive alignment between security teams and senior executives because they’re unable to elevate the conversation from bits and bytes to specific business risks,” said Bernd Greifeneder, Dynatrace’s chief technology officer. “CISOs urgently need to find a way to overcome this barrier and create a culture of shared responsibility for cybersecurity. This will be critical to improving their ability to respond effectively to security incidents and minimize their risk exposure.”

Communication gaps between CISOs and wider corporate leadership are a real thing, says a new survey, with dire implications for wider application security. (Image by Shutterstock)

Communication gaps worsening application security risks

A common complaint among senior leaders was that security teams often explained threats to the company in overly technical terms without touching on how these risks might impact the wider business. For their part, 77% of CISOs polled complained that CEOs and boards concentrated too much on the ability of their company to react to security incidents after they had happened, instead of investing proactively to mitigate the risk of such crises occurring in the first place. 83% also said that C-suite leaders needed to improve their understanding of the wider security posture of their company. 

This is especially true of application security risk, said CISOs, with 82% concluding that visibility into this area of vulnerability urgently needed to be increased so that senior leaders could make more informed decisions about how to shore up corporate cyber defences. Even so, only half of CISOs reported incorporating third-party software bills of materials (SBOMs) into their firm’s risk management practices, while only 20% said that third-party SBOMs were actually providing those insights.

AI cybersecurity threat looming for many CISOs

This factor is especially worrying to CISOs with the advent of generative AI, said Dynatrace, with 52% of those surveyed saying they were concerned that future models afford cybercriminals new opportunities to find and exploit vulnerabilities more quickly. 83%, meanwhile, reported that DevSecOps automation would likely prove invaluable in managing this threat before the arrival of more advanced methods, though only 11% said that their firm had mature versions of those practices in place – a figure that dips to 8% among UK CISOs.

“On the one hand, there’s a greater risk of developers introducing vulnerabilities through AI-generated code that has not been adequately tested, and on the other, cybercriminals can develop more automated and sophisticated attacks to exploit them,” said Greifeneder. “Adding further pain, organisations must also comply with emerging regulations such as the SEC mandate, which requires them to identify and report on the impact of attacks within four days. Organizations urgently need to modernize their security tools and practices to protect their applications and data from modern, advanced cyber threats.”
