HONG KONG SAR - Media
OutReach - 16 November 2021 - Trend Micro Incorporated (TYO: 4704; TSE:
4704), a global cybersecurity leader, today
announced new research* revealing that 90% of IT
decision makers claim their business would be willing to compromise on
cybersecurity in favor of digital transformation, productivity, or other goals.
Additionally, 82% have felt pressured to downplay the severity of cyber risks
to their board.
To read a full copy of the report, please visit: https://www.trendmicro.com/explore/en_gb_trendmicro-global-risk-study
"IT leaders are self-censoring in front of their boards for fear of
appearing repetitive or too negative, with almost a third claiming this is a
constant pressure. But this will only perpetuate a vicious cycle where the
C-suite remains ignorant of its true risk exposure," said Bharat Mistry, UK
technical director for Trend Micro. "We need to talk about risk in a way that
frames cybersecurity as a fundamental driver of business growth – helping to
bring together IT and business leaders who, in reality, are both fighting for
the same cause."
"IT decision makers should never have to downplay the severity of cyber risks
to the Board. But they may need to modify their language so both sides understand
each other," said Phil Gough, Head of Information Security and Assurance at
Nuffield Health. "That's the first step to aligning business-cybersecurity
strategy, and it's a crucial one. Articulating cyber risks in business terms
will get them the attention they deserve, and help the C-suite to recognise
security as a growth enabler, not a block on innovation."
The research reveals that just 50% of IT leaders and 38% of business
decision makers believe the C-suite completely understands cyber risks. Although
some think this is because the topic is complex and constantly changing, many
believe the C-suite either doesn't try hard enough (26%) or doesn't want (20%)
There's also disagreement between IT and business leaders over who's
ultimately responsible for managing and mitigating risk. IT leaders are nearly
twice as likely as business leaders to point to IT teams and the CISO. 49% of
respondents claim that cyber risks are still being treated as an IT problem
rather than a business risk.
This friction is causing potentially serious issues: 52% of
respondents agree that their organization's attitude to cyber risk is
inconsistent and varies from month to month.
However, 31% of respondents believe cybersecurity is the biggest
business risk today, and 66% claim it has the highest cost impact of any
business risk – a seemingly conflicting opinion given the overall willingness
to compromise on security.
There are three main ways respondents believe the C-suite will sit up
and take notice of cyber risk:
- 62% think it would take a breach of their
- 62% say it would help if they could better report on
and more easily explain the business risk of cyber threats
- 61% say it would make an impact if customers
start demanding more sophisticated security credentials
"To make cybersecurity a board-level issue, the C-suite must come to
view it as a true business enabler," said Marc Walsh, Enterprise Security Architect at Coillte. "This
will prompt IT and security leaders to articulate their challenges to the board
in the language of business risk. And it will require prioritized, proactive
investments from the boardroom – not just band-aid solutions following a
*Trend Micro commissioned Sapio Research to interview 5321 IT and
business decision makers from enterprises larger than 250 employees across 26