Organisations could be at risk of data security breaches because managers are failing to understand metrics set out by IT professionals, a new survey has shown.
More than half (59 per cent) of those working in IT security, IT operations, IT risk management, business operations, compliance/internal audit and enterprise risk management said that the information they provide is simply too technical.
The survey, which was carried out by Tripwire and the Ponemon Institute, highlighted that 48 per cent of people in these roles believe management is preoccupied with other, more pressing issues facing their business.
Highlighting the need to carry out an extensive security audit, 40 per cent of IT professionals said they only ever communicate with managers when an actual incident has occurred.
Rekha Shenoy, vice-president of marketing and corporate development at Tripwire, said these concerns have been echoed by many organisations from all over the world.
She continued: "Chief information security officers talk about the importance of leveraging metrics as a way to influence business leadership and build a risk management practice within their companies.
"Unfortunately, they struggle with the bigger challenge of producing meaningful metrics while those they use are rarely aligned with business goals."
Additional figures from the survey found that 35 per cent of individuals in IT roles think it takes too much time and too many resources to prepare and report metrics to their senior executives.
Furthermore, almost a fifth (18 per cent) revealed that they thought senior executives were not interested in the information they could provide.
Tripwire and the Ponemon Institute therefore emphasised the need for security metrics to be properly aligned with business objectives; otherwise, companies could fall short of the mark in terms of data security.
Senior executives also need to recognise how important these strategies are to the overall success of their organisation.