- OTRS survey of US IT and cyber security professionals: 34 percent rate IT department as most difficult to collaborate with on security initiatives
- Security and IT teams work together very often in the US
- Stolen devices pose greatest risk to organizations; lack of necessary software hold companies back
Cupertino, 19. October 2023 – Security initiatives launched by security teams are not equally well received by all departments. show. According to results of the latest OTRS Spotlight: Corporate Security 2023 survey, security teams encounter the most resistance in IT departments. 34 percent of respondents in the US say that collaboration on security initiatives is the most difficult with IT. At 27 and 25 percent respectively, office management and customer support teams also top the list of challenging departments with which to work. Security teams find it easiest to collaborate with administration teams (13 percent), sales (17 percent) and marketing (17 percent).
For the survey, the software company OTRS Group, in collaboration with the market research company Pollfish, questioned 500 IT and cybersecurity professionals, including 100 in the United States.
Increased security awareness across the company through collaboration between IT and security departments
“IT professionals are tech-savvy and therefore often have distinct opinions and preferences, for example, regarding the use of certain tools. This can easily cause friction between themselves, IT and cybersecurity specialists. However, if there is a tussle over competencies or an attitude of denial, it doesn’t help anyone but the attackers,” says Jens Bothe, Vice President of Information Security at OTRS Group. “Security teams and IT teams need to work closely together to achieve the highest possible level of security.”
The survey also found that security teams who collaborate with IT service management (ITSM) in their organization achieve a higher level of security. The top benefits that US leaders see in working together is having improved overall organizational resilience (33 percent). Other top benefits include achieving a security-conscious organizational culture through joint efforts in security training (23 percent) as well as improved compliance and early detection of threats (21 percent each).
US IT and security teams work well together
In the majority of US organizations, IT and security teams work hand in hand quite often. While an average of 82 percent of all the countries surveyed collaborate with ITSM teams sometimes or very often, just under a third (67 percent) do so in the US. 12 percent never join forces, and only 5 percent only do so rarely.
The two departments pull together, they do so in a variety of ways: integrating security mechanisms into IT service delivery (44 percent), security awareness training and user education (43 percent), vulnerability assessment and patch management (42 percent) and risk assessment and mitigation strategies (39 percent).
Internationally, with an average of 45 percent, many also work together to continuously monitor and detect threats. US security teams still have room for improvement in this area: Only around a quarter (38 percent) are putting their heads together with ITSM for this purpose.
Employees are learning about security
In general, respondents believe that security is well-handled (44 percent) and only 15 percent believe that more should be invested in security awareness training.
Organizations see the success of their efforts paying off, because they are routinely answering security-related inquiries. Top among these is requests for assistance with multi-factor authentication (38 percent). Yet, they routinely get questions about suspicions emails or possible phishing attempts (36 percent); the security of using personal devices (33 percent); and questions about the legitimacy of software or app downloads or updates (31 percent).
Inattention causes trouble
In the US, significant damage has been done to organizations due to inattention – either by IT teams or end users. Fifteen percent of teams cite that lost or stolen devices containing sensitive data has posed the biggest risk. This was followed by data privacy and consent issues (13 percent); phishing emails; forgotten password and lockout issues; and vulnerabilities in corporate systems (10 percent each).
“One moment’s inattention, one wrong click – it doesn’t take much to cause immense damage to an organization. That’s why it’s only right that IT and cybersecurity teams place such a high value on sensitizing and training all employees in their organization to threats,” says Jens Bothe. “For this to succeed, security teams must also have backing from top management to implement security measures across departments, effectively and efficiently.”
###
About the Survey “OTRS Spotlight: Corporate Security 2023”
The data used is based on an online survey conducted by Pollfish Inc. on behalf of OTRS AG, in which 500 IT und cyber security professionals in the U.S., Germany, Brazil, Mexico, and Singapore participated between September 5, 2023, and September 8, 2023.
For more results from the first part of the survey, see the infographic available for download here.
Results from the other countries surveyed can be found in the respective infographics under the following links:
About OTRS Group
OTRS Group is the manufacturer and the world’s largest provider of the enterprise service management suite OTRS. It offers companies industry-independent solutions for structured communication in customer service, IT service management and security management. In addition to the core product OTRS, the security solutions STORM and CONTROL ensure efficient cybersecurity incident management and transparent documentation in accordance with standards such as ISO 27001.
Among its customers are Lufthansa, Airbus, Porsche, BSI (Federal Office for Security in Information Technology), Max Planck Institute, Toyota and TUI Cruises. The company consists of OTRS AG and its five subsidiaries OTRS Inc. (USA), OTRS S.A. de C.V. (Mexico), OTRS Asia Pte. Ltd. (Singapore), OTRS do Brasil Soluções Ltda. (Brazil) and OTRS Magyarország Kft. (Hungary). OTRS AG is listed on the basic board of the Frankfurt Stock Exchange.
For more information, see www.otrs.com.