Folder and survey result icons on a green background
BlogSecurity
October 29, 2025

New data: Security’s communication gap with leadership (cost vs. value)

Written by
Lucia Giles
Sr. Content Marketing Manager
Reviewed by
Ethan Heller
GRC Subject Matter Expert

Accelerating security solutions for small businesses 

Tagore offers strategic services to small businesses. 

A partnership that can scale 

Tagore prioritized finding a managed compliance partner with an established product, dedicated support team, and rapid release rate.

Standing out from competitors

Tagore's partnership with Vanta enhances its strategic focus and deepens client value, creating differentiation in a competitive market.

Security leaders often face challenges that extend beyond the firewall: a major gap in communication between the security function and executive leadership. This misalignment can have severe consequences, including stalling deals, increasing organizational risk, and preventing security from being recognized as a key driver of business growth.

To better understand this disconnect, our new survey reveals how security professionals view their communication challenges, which security metrics matter most to the C-suite, and how often executives truly factor security trends into critical business decisions.

Let’s dive into key insights from the survey data and expert perspectives on improving business communication.

Key takeaways
  • Security drives decisions: 87% of respondents say security insights always or often guide executive strategy, influencing budgeting, partnerships, and risk management
  • Alignment gaps remain: Executives and security teams share priorities, but differences in framing make security seem like a cost center
  • Misalignment impacts deals: Over half (54%) report lost or delayed deals due to security-sales gaps
  • ROI and communication challenges: Nearly a third (30%) see security as a cost center, with inconsistent reporting limiting perceived value

Security insights influence nearly all (87%) business decisions 

Our survey reveals that security indicators and insights play a critical role in executive decision-making, with 87% of respondents reporting that these insights “always” or “often” influence business decisions

These indicators, such as incident prevention metrics, compliance achievements, and operational resilience data, are more than technical health checks. They directly influence executive decisions, guiding strategic choices around budgeting, partnerships, product launches, and risk management. Security isn’t operating on the sidelines; it’s helping define the direction of the business.

But as the following findings reveal, this influence may not always translate into shared understanding. While executives rely on security policies and insights to steer key decisions, many still struggle to interpret the data’s full business implications—a disconnect that limits security’s potential as a growth driver.

how often security metrics directly influence executive business decisions bar grpah of survey results

C-suite and security teams are nearly perfectly aligned, in theory 

At first glance, security leaders and executives appear closely aligned. Most security leaders said avoiding security incidents is their most valuable initiative, both in their own view (35%) and in what they believe executives value most (39%). Operational continuity and customer trust followed, showing shared priorities around resilience and reputation.

Yet alignment in theory does not always translate in practice.

The biggest disconnect between security leaders and executives is language. Security leaders speak in technical risks, while executives focus on business impact. When we translate threats into outcomes like revenue, trust, and resilience, security becomes a strategic driver instead of just a cost.”

Jadee Hanson
Chief Information Security Officer, Vanta
|
LinkedIn

While both sides agree on priorities, differences in framing create a language gap. Executives emphasize measurable business outcomes like revenue and brand perception, while security teams focus on risk reduction and operational resilience. This gap can limit how well alignment is realized in practice, even when priorities appear closely matched.

Which security indicators and insights do you believe executives find most valuable vs. which security indicators do you personally believe are the most valuable survey results

A majority of companies suffer lost deals due to security and sales misalignment 

Over half of survey respondents (54%) reported that misalignment between security and sales has led to lost deals or delayed sales cycles at their company. Including those who haven’t experienced it yet but expect to, the true impact could affect nearly three-quarters of companies.

This disconnect directly affects revenue and deal velocity. When security is seen as a challenge, sales cycles slow, opportunities are lost, and potential customers may walk away. Enterprise deals often stall when compliance requirements aren’t clearly communicated or when security policies are introduced late in the sales process.

Security teams can prevent lost deals by engaging early with sales and translating compliance and risk requirements into clear business outcomes. Framing security as an enabler rather than a blocker helps accelerate the sales cycle. Practical steps include aligning documentation for prospects and clarifying regulatory requirements upfront. Tools like Vanta make this easier by centralizing controls, automating compliance, and providing detailed insights to keep deals moving.

Nearly one-third say security is viewed as a cost, not a catalyst

Nearly a third of respondents (30%) still see security as an operational expense rather than a growth driver, limiting how its value is perceived across the business. This perception is reinforced by inconsistent ROI reporting and a lack of standardized metrics—1 in 4 cited these gaps as a major communication challenge.

Key findings highlight how this plays out internally:

  • 26% cite the lack of standardized metrics as a barrier to proving ROI.
  • 37% say executives most value insights tied to financial risk reduction.
  • 42% report that cost is the security metric that gets the most executive attention.
  • Over 2 in 5 (42%) wish executives were more educated on the value of security and today’s risk landscape.

This isn’t a failure of security; it’s a failure to communicate impact consistently. Security teams can reframe value by tracking business-aligned metrics, standardizing reporting, and linking security outcomes to revenue protection, risk reduction, and operational resilience. By telling the story in business terms, security shifts from being seen as a cost to being recognized as an advantage.

most important security metrics data callouts from survey results

Compliance confidence is high, 90% report

Security and IT professionals are generally confident that their leadership understands regulatory and security compliance requirements needed to close enterprise deals. Almost half (45%) are very confident that executives fully grasp these requirements, while 46% are somewhat confident, meaning leadership understands the basics but may lack detailed knowledge. 

Executives who understand the nuances of regulatory and security requirements don’t just mitigate risk; they enable growth. This depth of understanding allows them to align compliance efforts with business strategy, demonstrating to customers and partners that security is embedded in the organization’s DNA. The companies that make this shift —treating compliance as a driver of trust and opportunity rather than an obligation—will be the ones that stand out in an increasingly competitive and regulated marketplace.”

Jadee Hanson
Chief Information Security Officer, Vanta
|
LinkedIn

While overall confidence is high, communicating the relevance of security metrics in terms of business impact remains important.

Why security communication often breaks down

Several common barriers, as reinforced by our survey results, can hinder effective security communication:

  • Technical jargon (21%): Security metrics and risk assessments can be difficult for executives to interpret.
  • Lack of standardized reporting (26%): Without consistent ways to measure impact, demonstrating ROI is challenging.
  • Competing business priorities (17%): Security insights may receive less attention when executives focus on other initiatives.

These challenges persist because security teams and business leaders often operate with different perspectives. Standardized reporting and compliance management software can help—providing consistent ways to demonstrate ROI. 

Tips to improve communication between executives and security teams

Improving communication across the board is the foundation of progress for any company. Several tips include:

  • Simplify technical language: Translate complex security metrics into terms executives can understand. For example, instead of reporting a “42% reduction in phishing click rate,” frame it as “Employee awareness training reduced our risk of credential theft nearly by half.”
  • Tie security metrics to business outcomes: Show how security impacts revenue, customer trust, and operational continuity.
  • Standardize reporting: Use consistent formats to clearly demonstrate ROI and impact.
  • Involve executives early in planning cycles: Align security team priorities with C-suite priorities from the start.
  • Connect security compliance solutions to revenue opportunities: Show how meeting regulatory requirements supports deals and business growth.
  • Provide visibility into controls and risk posture: Platforms that centralize compliance and risk data can help communicate security’s impact and aid trust management with leadership.

These tips can help shift the perception of security from a solely operational function to a strategic enabler.

From compliance to confidence: Mastering security communication

Clear security communication turns compliance into business value. By connecting metrics to outcomes, standardizing reporting, and using dashboards to show impact, teams can build executive confidence and generate security wins across the organization.

Vanta’s trust management platform helps teams centralize controls, automate compliance, and provide actionable insights, making it easier to demonstrate ROI and show how security supports business growth. Explore how Vanta can help earn and manage trust

Methodology

In September 2025, quantitative research conducted by Centiment was commissioned by Vanta to explore the communication gap between security teams and executives. The goal was to better understand how well U.S.-based business decision-makers perceive, engage with, and act on security-related information from their security teams. The survey was co-designed by Vanta and Siege Media and collected responses from 600 business decision-makers in the United States. Data is unweighted, and the margin of error is approximately +/-4% for the overall sample with a 95% confidence level.

Access Review Stage Content / Functionality
Across all stages
  • Easily create and save a new access review at a point in time
  • View detailed audit evidence of historical access reviews
Setup access review procedures
  • Define a global access review procedure that stakeholders can follow, ensuring consistency and mitigation of human error in reviews
  • Set your access review frequency (monthly, quarterly, etc.) and working period/deadlines
Consolidate account access data from systems
  • Integrate systems using dozens of pre-built integrations, or “connectors”. System account and HRIS data is pulled into Vanta.
  • Upcoming integrations include Zoom and Intercom (account access), and Personio (HRIS)
  • Upload access files from non-integrated systems
  • View and select systems in-scope for the review
Review, approve, and deny user access
  • Select the appropriate systems reviewer and due date
  • Get automatic notifications and reminders to systems reviewer of deadlines
  • Automatic flagging of “risky” employee accounts that have been terminated or switched departments
  • Intuitive interface to see all accounts with access, account accept/deny buttons, and notes section
  • Track progress of individual systems access reviews and see accounts that need to be removed or have access modified
  • Bulk sort, filter, and alter accounts based on account roles and employee title
Assign remediation tasks to system owners
  • Built-in remediation workflow for reviewers to request access changes and for admin to view and manage requests
  • Optional task tracker integration to create tickets for any access changes and provide visibility to the status of tickets and remediation
Verify changes to access
  • Focused view of accounts flagged for access changes for easy tracking and management
  • Automated evidence of remediation completion displayed for integrated systems
  • Manual evidence of remediation can be uploaded for non-integrated systems
Report and re-evaluate results
  • Auditor can log into Vanta to see history of all completed access reviews
  • Internals can see status of reviews in progress and also historical review detail
Logo of incident.io
Incident.io
Logo of Lumos
Lumos
Icepanel logo on a white background.
IcePanel
Epsilon Logo
Epsilon3
The logo for supabase.
Supabase
EasyLLama Logo
EasyLlama
Qualifi Logo
Qualifi
Logo of toku
Toku
FEATURED VANTA RESOURCE

The ultimate guide to scaling your compliance program

Learn how to scale, manage, and optimize alongside your business goals.

DOWNLOAD FOR FREE

Table of contents

No titles!

Share this article

Share this article

Related Resources

No items found.

Related Resources

Security
Blog
What is TISAX certification? A 101 guide to compliance

Go through our comprehensive TISAX compliance guide.

Security
Blog
30+ due diligence questions to ask AI vendors in a security review

Discover all key categories of questions you should ask your AI vendors or partners while conducting a security review.

Security
Blog
How to demonstrate your AI security posture: A step-by-step guide

Are you looking to demonstrate your AI security posture to vendors and partners? Understand these six steps and learn about relevant tools.

Security
Blog
What is shadow AI and what can you do about it?

Find out what shadow AI is in today’s context and whether it presents a huge threat to your organization.

Security
Blog
How agentic AI in security changes the game: Benefits and challenges

Discover agentic AI and see how it differs from AI agents. Explore the benefits it brings to your organization and its implications on your security posture.

Security
Blog
9 AI risks that could impact your organization—and how to mitigate them

Discover the nine most relevant AI risks that can threaten your network and systems, and explore some practical strategies to proactively mitigate them.

Security
Blog
A step-by-step guide to AI security assessments [With a template]

Find out how to conduct an AI security assessment to stay ahead of potential threats and regulatory updates.

Security
Blog
8 fundamental AI security best practices for teams in 2025

Discover the eight baseline security best practices to minimize risks and vulnerabilities within AI systems. We’ll also discuss the tools that can support you.

Security
Blog
AI security posture management (AI-SPM): All information in one place

Learn about AI security posture management (AI-SPM) in our guide.

Security
Blog
AI security: A comprehensive guide for evolving teams

Learn why it matters and how to safeguard your systems to reinforce your organization’s defenses.

Security
Blog
Lessons for founders from Frameworks for Growth season 1

Executives from YC, Anthropic, Replit, Sierra, and Synthesia share advice for founders.

Security
Blog
Laying the groundwork: Building security foundations at the partial stage

Learn how partial-stage companies build security foundations to advance toward risk-informed maturity.

Get compliant and build trust—fast

Request a demo
G2 Badge 2025 - Best Software | Top 50 Governance, Risk, & Compliance ProductsG2 Badge 2025 - Best Software | Top 50 Security ProductsG2 Badge 2025 - Best Software | Top 100 Best Software Products