Trend Micro study reveals urgent need for new way to discuss business risk
Trend Micro Incorporated, a global cybersecurity leader, today announced new research* revealing that 90% of IT decision makers claim their business would be willing to compromise on cybersecurity in favor of digital transformation, productivity, or other goals. Additionally, 82% have felt pressured to downplay the severity of cyber risks to their board.
To read a full copy of the report, please visit: https://www.trendmicro.com/explore/en_gb_trendmicro-global-risk-study
“IT leaders are self-censoring in front of their boards for fear of appearing repetitive or too negative, with almost a third claiming this is a constant pressure. But this will only perpetuate a vicious cycle where the C-suite remains ignorant of its true risk exposure,” said Goh Chee Hoh, Managing Director for Malaysia and Nascent Countries, Trend Micro. “We need to talk about risk in a way that frames cybersecurity as a fundamental driver of business growth – helping to bring together IT and business leaders who, in reality, are both fighting for the same cause.”
The research reveals that just 50% of IT leaders and 38% of business decision makers believe the C-suite completely understand cyber risks. Although some think this is because the topic is complex and constantly changing, many believe the C-suite either doesn’t try hard enough (26%) or doesn’t want (20%) to understand.
There’s also disagreement between IT and business leaders over who’s ultimately responsible for managing and mitigating risk. IT leaders are nearly twice as likely as business leaders to point to IT teams and the CISO. 49% of respondents claim that cyber risks are still being treated as an IT problem rather than a business risk.
This friction is causing potentially serious issues: 52% of respondents agree that their organization’s attitude to cyber risk is inconsistent and varies from month to month.
However, 31% of respondents believe cybersecurity is the biggest business risk today, and 66% claiming it has the highest cost impact of any business risk – a seemingly conflicting opinion given the overall willingness to compromise on security.
There are three main ways respondents believe the C-suite will sit up and take notice of cyber risk:
- 62% think it would take a breach of their organization
- 62% it would help if they could better report on and more easily explain the business risk of cyber threats
- 61% say it would make an impact if customers start demanding more sophisticated security credentials
“Compromising on cybersecurity to accelerate digital transformation is not the way forward,” said Dhanya Thakkar, Vice President, Asia Pacific, Middle East and Africa, Trend Micro. “Organizations need to reimagine their enterprise and cloud security, in a way that doesn’t hinder transformation. I invite everyone to join CLOUDSEC 2021 from November 16 to 18. This is a global cloud and cybersecurity event, designed to capture lessons learned by companies undergoing their journey to the cloud, as well as best practices and insights from thought-leaders, empowering organizations to reimagine their security from all possible angles as they rush to adopt new technologies and rethink the way they operate,” concluded Thakkar.
*Trend Micro commissioned Sapio Research to interview 5321 IT and business decision makers from enterprises larger than 250 employees across 26 countries.