By Marcos Colón

March 2, 2017

A new study has discovered a significant disconnect between the cybersecurity strategy businesses have in place and to what extent it’s being executed.

The report by Intel Security and the Center for Strategic and International Studies titled “Tilting the Playing Field: How Misaligned Incentives Work Against Cybersecurity,” surveyed 800 cybersecurity executives and IT operators from businesses that range in size from 500 employees to more than 5,000 across industries.

Based on the responses, 93 percent of the organizations do have a cybersecurity strategy in place, but less than half (49 percent) have fully implemented them. Additionally, while 60 percent of IT executives believe that the full strategy has been implemented, only 30 percent of those tasked with implementing the technical aspects found in the strategy agree.

“The disconnect between strategy and implementation is partly due to the fact that those who determine the strategy (executives) and those who implement the strategy (operators) are not measuring effectiveness and outcomes using the same set of metrics,” the report said.