HomeCII/OTThe Impact of Organizational Structure on Cybersecurity Outcomes by Sophos News

The Impact of Organizational Structure on Cybersecurity Outcomes by Sophos News

Published on

spot_img

A recent analysis conducted by Sophos delved into the relationship between organizational structure and cybersecurity outcomes, shedding light on how the structure of a cybersecurity function can impact the overall security posture of an organization. The study, based on a survey of 3,000 IT/cybersecurity professionals in mid-sized organizations across 14 countries, aimed to identify which organizational structure yields the best cybersecurity results.

The survey participants were categorized into three main groups based on their organizational structure:

– Model 1: Organizations where the IT team and the cybersecurity team are separate entities
– Model 2: Organizations with a dedicated cybersecurity team as part of the IT organization
– Model 3: Organizations where there is no dedicated cybersecurity team, and cybersecurity is managed by the IT team

The analysis revealed that organizations with a dedicated cybersecurity team within the IT organization (Model 2) reported the best overall cybersecurity outcomes. On the other hand, organizations where the IT and cybersecurity teams were separate (Model 1) reported the poorest experiences. This suggests that having cybersecurity and IT operations closely integrated within the same team leads to more favorable security outcomes.

The research also highlighted the importance of having the right cybersecurity skills and capacity within the organization. While organizational structure plays a role in cybersecurity outcomes, having the necessary expertise is crucial regardless of the structure. Organizations lacking in-house cybersecurity capabilities may benefit from partnering with specialized third-party cybersecurity providers to enhance their defenses.

The analysis compared the experiences of the three organizational models across various areas, such as the root causes of ransomware attacks, ransomware recovery, security operations delivery, and day-to-day cybersecurity management. One interesting finding was that the reported root causes of ransomware attacks varied depending on the organizational structure, with different models experiencing different vulnerabilities.

Model 1 organizations were more likely to pay ransoms and reported lower rates of backup use for data recovery, while Model 2 organizations fared best in security operations delivery. However, all three models faced similar challenges in day-to-day cybersecurity management, with common concerns around advanced cyber threats, data exfiltration, phishing, and security tool misconfigurations.

It is important to note that the analysis focused on correlation rather than causation, and further research is necessary to understand the reasons behind the outcomes. Factors such as industry sector, team skill levels, staffing, and organizational age can also influence cybersecurity outcomes.

Overall, the findings of this analysis provide valuable insights into how organizational structure can impact cybersecurity outcomes. By understanding the relationship between structure and security results, organizations can optimize their defenses and better protect against evolving cyber threats. Further research in this area can help organizations leverage their internal structure to enhance their cybersecurity posture and stay ahead in the ever-changing cybersecurity landscape.

Source link

Latest articles

San Francisco Calls on Apple and Google to Remove AI Nudify Apps

San Francisco Takes Action Against AI "Nudify" Apps Targeting Vulnerable Individuals In a decisive move...

China’s Kimi K3 Drives Chip Stocks into Bear Market

Open-Weight Model Reopens Debate Over US...

Government Updates UK National Risk Register with Cyber Warnings

The UK government has taken significant steps to address evolving threats in the realm...

LegacyHive Windows Zero-Day Allows Attackers to Take Control of Administrator Registry Hives

A recently uncovered security vulnerability in Windows systems, termed LegacyHive, has raised significant alarms...

More like this

San Francisco Calls on Apple and Google to Remove AI Nudify Apps

San Francisco Takes Action Against AI "Nudify" Apps Targeting Vulnerable Individuals In a decisive move...

China’s Kimi K3 Drives Chip Stocks into Bear Market

Open-Weight Model Reopens Debate Over US...

Government Updates UK National Risk Register with Cyber Warnings

The UK government has taken significant steps to address evolving threats in the realm...