90 percent of IT decision makers believe organisations compromise on cybersecurity in favour of other goals
According to a recent research report from Trend Micro, 90% of IT decision makers said their business would be willing to compromise on cybersecurity in order to achieve digital transformation, productivity, or other objectives. In addition, 82 percent have felt compelled to downplay the severity of cyber threats to their board members.
Bharat Mistry, UK technical director for Trend Micro, said: “IT leaders are self-censoring in front of their boards for fear of appearing repetitive or too negative, with almost a third claiming this is a constant pressure. But this will only perpetuate a vicious cycle where the C-suite remains ignorant of its true risk exposure.”
“We need to talk about risk in a way that frames cybersecurity as a fundamental driver of business growth – helping to bring together IT and business leaders who, in reality, are both fighting for the same cause.”
Phil Gough, Head of Information Security and Assurance at Nuffield Health, said: “IT decision makers should never have to downplay the severity of cyber risks to the Board. But they may need to modify their language so both sides understand each other.”
“That’s the first step to aligning business-cybersecurity strategy, and it’s a crucial one. Articulating cyber risks in business terms will get them the attention they deserve, and help the C-suite to recognise security as a growth enabler, not a block on innovation.”
According to the research study, only 50% of IT leaders and 38% of business decision makers believe the C-suite understands cyber risks completely. Although some say this is due to the topic’s complexity and rapid change, many others believe the C-suite either does not try hard enough (26%) or does not want to understand (20%).
IT and business leaders also disagree on who is ultimately accountable for risk management and mitigation. IT leaders are nearly twice as likely as business leaders to name IT teams and the CISO. According to 49% of respondents, cyber risks are still considered an IT issue rather than a business risk.
However, 31 percent of respondents believe cybersecurity is today’s biggest business risk, and 66 percent believe it has the highest cost impact of any business risk — a seemingly contradictory viewpoint given the overall readiness to compromise on security.
The C-suite will sit up and take note of cyber risk in three ways, according to respondents:
* 62 percent believe it would take a breach of their organization.
* According to 62 percent, it would help if they could better report on and more easily explain the business risk of cyber threats.
* If customers are demanding more complex security credentials, 61 percent of respondents said it would make an impact.