Is more C-Suite engagement needed to mitigate cyber risk?

Cloud security company Trend Micro says new research reveals a widespread concern among IT/C-Suite about the growing threat from ransomware

Cloud security company Trend Micro has published new research revealing that persistently low IT/C-suite engagement may imperil investments and expose organisations to increased cyber risk. Over 90 per cent of the IT and business decision makers surveyed expressed particular concern about ransomware attacks.

Trend Micro commissioned Sapio Research to interview 5,321 IT and business decision makers from enterprises larger than 250 employees across 26 countries​ for the research. Despite widespread concern over spiralling threats, the study found that only around half (57%) of responding IT teams discuss cyber risks with the C-suite at least weekly.

Eva Chen, CEO of Trend Micro says: “Vulnerabilities used to go months or even years before being exploited after their discovery. Now it can be hours, or even sooner. More executives than ever understand that they have a responsibility to be informed, but they often feel overwhelmed by how rapidly the cybersecurity landscape evolves. IT leaders need to communicate with their board in such a way that they can understand where the organisation’s risk is and how they can best manage it.”

Trend Micro found that current investment in cyber initiatives is not critically low. Just under half (42%) of respondents claimed their organisation is spending most on cyberattacks to mitigate business risk. This was the most popular answer, above more typical projects like digital transformation (36%) and workforce transformation (27%). Around half (49%) said they have recently increased investments to mitigate the risks of ransomware attacks and security breaches.

However, low C-suite engagement combined with increased investment suggests a tendency to ‘throw money’ at the problem rather than develop an understanding of the cybersecurity challenges and invest appropriately. This approach may undermine more effective strategies and risk greater financial loss. Less than half (46%) of respondents claimed concepts like “cyber risk” and “cyber risk management” were known extensively in their organisation.

Most (77%) want to hold more people in the organisation responsible for managing and mitigating these risks, which would help to drive an enterprise-wide culture of “security by design.” The largest group of respondents (38%) favoured holding CEOs responsible. Other non-IT roles cited by respondents included CFOs (28%) and CMOs (22%).  

The study follows previous Trend Micro Research revealing a worrying cybersecurity disconnect between business and IT leaders – perpetuated by self-censorship from cyber experts and disagreements over who is ultimately responsible.


Share

Featured Articles

Trustwave Reveals the Financial Sector's Cyber Threats

Although it's not new to think that financial services organisations are prime targets for cybercriminals, the threat landscape they find themselves in is

TCS and Google Cloud Join for Solution to Secure the Cloud

TCS partners with Google Cloud to launch a range of AI-powered cybersecurity solutions to help businesses secure their clouds against advanced threats

Cybersecurity Conglomerate Reveals Threats Facing Consumers

Cybersecurity Conglomerate Gen quarterly report reveals shocking statistics like the fact that consumers are now increasingly at risk from Ransomware

Decoding the US' Most Misunderstood Data Security Terms

Cyber Security

Orange Cyberdefense's Wicus Ross Talks Cyber Extortion Trend

Hacking & Malware

Palo Alto Networks Buy IBM's QRadar Assets in Win for SIEM

Network Security