As executives become more knowledgeable about cyber security, it allows for more productive discussions regarding funding and resource allocation, ultimately improving the organisation's security posture.
Dirk Kotze, information security officer for the personal segment at FNB, raised the issue at the recently held ITWeb Security Summit 2025 in Sandton, South Africa, while discussing how to unlock executive buy-in for security.
During his address, Kotze highlighted the serious concerns regarding cyber security within businesses, outlining the crucial necessity for executive support in improving security measures.
Kotze cited statistics claiming that 47% of employees reported multiple cyber security incidents, and organisations with C-suite support were found to be 32% more effective in addressing them.
He spoke of the importance of cyber-aware leadership, which boosts the likelihood of obtaining appropriate resources for improving the organisation’s cyber security posture.
“If your organisation is cyber-aware, if your leadership is cyber-aware, you're 67% more likely to have adequate security resources,” he said.
He urged cyber security managers to think about how they are presenting technical information to non-technical audiences, emphasising the importance of translating complex security concepts into relevant business KPIs to better engage executives.
Kotze went on to underscore the importance of building relationships with decision-makers and fostering a collaborative culture rather than a fear-based one in cyber security communication.
“I’m sure we all have a common challenge in getting security remediation executed – both from an IT capacity point of view and often from a prioritisation point of view.
“Often, the amount of work simply far exceeds available capacity, and new business requirements and operational issues pretty much always pull rank.”
He went on to recommend that fear, uncertainty, and doubt should not be used when discussing how to gain executive buy-in for security.
Share
