“While most IT and security operations (SecOps) decision-makers believe they should jointly share the responsibility for their organization’s data security strategy, many of these teams are not collaborating as effectively as possible to address growing cyber threats,” reveals new research commissioned by Cohesity, a data management service provider.

The survey also shows that of those respondents who believe collaboration is weak between IT and security, nearly half of respondents believe their organization is more exposed to cyber threats as a result — and the implications of that could have significant consequences for businesses.

The research is based on an April 2022 survey conducted by Censuswide, of more than 2,000 IT decision-makers and SecOps professionals (split nearly 50/50 between the two groups) from businesses in the United States, the United Kingdom, and Australia — all of whom have a role in the decision-making process for IT or security.

The survey was conducted as nearly three-quarters (74%) of respondents believe the threat of ransomware in their industry has increased over the last year, with nearly half of respondents (47%) saying their organization has been the victim of a ransomware attack in the last six months.

The survey uncovered the following results globally:

• Security should be a shared responsibility: More than four in five (81%) of respondents overall (86% of IT decision-makers and 76% of SecOps) somewhat or strongly agree that IT and SecOps should share the responsibility for their organization’s data security strategy.
• Effective collaboration between IT and security teams is frequently not happening: Almost a third of SecOps respondents (31%) believe the collaboration is not strong with IT, with 9% of those respondents going so far as to call it “weak.” Among IT decision-makers, more than a tenth of respondents (13%), believe collaboration with SecOps is not strong. In total, nearly a quarter (22%) of IT and SecOps respondents overall believe the collaboration between the two groups is not strong.
• The ongoing tech talent shortage is making matters worse: When asked if the talent shortage is impacting the collaboration between IT and security teams, 78% of respondents (77% of IT decision-makers and 78% of SecOps) said, yes, it is having an impact.

Brian Spanswick, chief information security officer, Cohesity, comments, “for too long, many security teams focused primarily on preventing cyber attacks, while IT teams have focused on data protection, including backup and recovery. A complete data security strategy must bring these two worlds together — but in many cases, they remain separate and this lack of collaboration creates significant business risks and can put companies at the mercy of bad actors.”