A large number of organisations in the UK are not giving their cyber security teams the recognition they deserve, while many have an actively negative perception of these professionals.
This is according to a new survey by access management firm Thycotic, which found nearly two-thirds of IT pros (63 per cent) feel their security personnel are considered to be naysayers, with a third of respondents (36 per cent) even saying these teams are regarded as "doom-mongers" or a "necessary evil" for businesses today.
Meanwhile, almost three quarters (74 per cent) of security pros said they faced negativity or indifference regarding the introduction of new security measures and policies. Almost four in ten employees (39 per cent) believe they will barely notice such measures, while 35 per cent of users think such steps will actively hamper their work.
Security teams also find it difficult to illustrate their value to the rest of the business, with nine out of ten respondents saying other departments could have a better understanding of what they are trying to achieve, while 88 per cent feel that it could be easier to communicate their views to executive management in other functions such as HR and finance.
Thycotic's research suggested one reason for this may be that security professionals are still viewed as providing a purely functional role, rather than one that can drive business transformation, and are often underrepresented at the highest levels of organisations. Indeed, just 41 per cent of firms have a chief information security officer (CISO) on the board.
Joseph Carson, chief security scientist and advisory CISO at Thycotic, said it is "disappointing" to see so many cyber security professionals feel undervalued, especially at a time when these teams are playing an increasingly strategic role within companies and are under pressure due to new threats and regulatory requirements.
He added: "The fact that negative opinions are rife amongst employees also suggests that security teams need to work harder to communicate the strategic importance of their roles to the business and reinvent themselves as ‘facilitators’ rather than ‘enforcers’ who enable the business to run smoothly."