Survey: Most IT Staff Don't Communicate Security Risks
CowboyRobot writes "A Tripwire survey of 1,320 IT personnel from the U.S. and U.K. showed that most staff 'don't communicate security risk with senior executives or only communicate when a serious security risk is revealed.' The reason is that staff have resigned themselves to staying mum due to an environment in which 'collaboration between security risk management and business is poor, nonexistent or adversarial,' or at best, just isn't effective at getting risk concerns up to senior management."
Shoot the messenger (Score:2, Informative)
Yes, I did stop communicating security risks eventually. I'd say I stopped after the 10 or 20 thousandth 'So what?' from management.
Re:Security = Liability (Score:2, Informative)
No, it's not a language barrier. The problem is that techies cannot tell management what the management does not want to hear. Even if the techies translate perfectly, the message "this will cost you $$$ but it MIGHT save you $$$$$!" simply doesn't work no matter how true the message really is.