The biggest problem in information security isn’t finding attackers, it isn’t patching systems and it isn’t even stopping phishing attacks.
While these are all very real problems, they are the bread and butter of what we do. The real top issue in security is lack of alignment with the business. There are many causes for this, which we’ll look into, but the answer is quite straightforward. The key to aligning with the business is a frequent risk dialog with the business. That doesn’t mean reporting on the number of viruses stopped in a month or tracking the right KPIs, which you should do. Rather, it’s about a two-way dialog that really leads to changes in behaviours on both sides, starting with security.