C-suite Indifference to Cyber Could Cost Business £145k
In an era dominated by digital operations, businesses navigate a precarious landscape fraught with cyber threats.
Recent statistics reveal a concerning trend: cloud intrusions have surged by 75%, according to a CrowdStrike report, and cyberattacks have more than doubled since the pandemic's onset, as per the IMF.
Therefore, the impetus for taking cybersecurity seriously is obvious. Yet, a recent study by cybersecurity software company Trend Micro claims it has not been made clear enough.
Cybersecurity's communication challenge
The research, conducted with UK IT security leaders, finds they believe it would take a £145,000 (US$183,000) cyber incident for their respective C-suites to take firm action against the threat.
The study found that 74% feel pressured to downplay the severity of cyber risks in the boardroom, fearing repercussions ranging from being perceived as repetitive to overly negative. In fact, several (33%) claim they have been dismissed out of hand by the board, and 36% say they are still treated as part of IT rather than being recognised as a key cog in mitigating business risk.
This ambivalence persists despite 60% of respondents identifying cybersecurity as the biggest risk to their business. Less than half (46%) are confident their C-suite completely understands the cyber risks facing their organisation.
“When IT security leaders are being treated like they are nagging or overly negative by executives that don’t fully understand the risks facing their organisation, it’s no surprise that they believe that a costly cyber incident is the only way that would get them to act,” said Bharat Mistry, Technical Director UK & Ireland at Trend Micro.
The cost of ignorance
The ramifications of these assaults are not confined to the costs of data recovery, system reinstatement, or ransom payments.
Following tighter rules surrounding personal information, implemented through EU directives like GDPR, the financial toll associated with attacks can be staggering.
US credit reporting agency Equifax was compelled to shell out over US$1 billion in penalties following a major data breach in 2017, which saw 150 million consumers' data affected.
Similarly, in 2013, cyber thieves orchestrated a large-scale attack against Target, a US retail giant. This cyber assault resulted in the compromise of sensitive personal information belonging to millions of customers. What's particularly alarming is that prior to the attack, Target's security team had issued warnings about vulnerabilities in their system. However, these warnings were allegedly not addressed with the urgency they warranted.
This apathy towards cybersecurity at the highest levels of corporate governance is profoundly troubling. Many security leaders lament being dismissed out of hand when attempting to raise critical issues with the board, further exacerbating the gaping chasm between IT security and business leadership.
The consequences of this communication breakdown are dire, extending far beyond the confines of the boardroom. It fosters a culture where cybersecurity is deprioritised in favour of initiatives perceived to deliver immediate business value, such as digital transformation and hybrid working arrangements.
Communicating cyber to C-suites
However, amidst this bleak landscape, glimmers of hope emerge. IT security leaders are taking proactive measures to bridge the credibility chasm in the boardroom.
The report explains how, by adapting their security approach to demonstrate tangible business value through key performance indicators and future-proofing strategies, IT security leaders can gain ground.
The implementation of metrics to measure the efficacy of cybersecurity strategies has yielded tangible results, with 98% attributing positive changes in the business to this approach. These changes range from enhanced credibility to increased budget allocations, underscoring the pivotal role of metrics in bolstering the stature of IT security within organisations.
Looking ahead, the study shows cybersecurity leaders recognise the imperative of upskilling their teams to navigate the evolving threat landscape, particularly in interpreting AI-generated data. By harnessing the power of technology and honing their communication skills, they aim to chart a course towards a future where cybersecurity is not merely an afterthought but an integral component of business resilience.
To close the credibility gap that plagues boardrooms worldwide, the study highlights how IT security leaders must leverage the right tools and insights to command the attention and respect of the C-suite. By presenting a unified front and articulating the business value of cybersecurity in clear, concise terms, they can pave the way for a future where businesses are fortified against the perils of cyber threats.
By heeding the lessons gleaned from past missteps and listening to cybersecurity teams, that £145k can instead be invested in cybersecurity rather than spent cleaning up after an attack.
- Use plain language
- Align cybersecurity with business objectives
- Focus on clear risks
- Report regularly and succinctly
******
Cyber Magazine is a BizClik brand