The survey reveals a serious gap in IT credibility with management 

Research from Trend Micro, a global leader in cybersecurity, reveals that 79% of digital security leaders feel pressure to minimize the severity of cyber risks faced by their organizations. Around a third of these say their opinion is completely disregarded, according to the international study commissioned by Sapio Research.

In total, more than 2,600 IT leaders were interviewed. Of those who feel pressured, 43% say they are seen as “repetitive” or “irritating” and 42% believe they have an excessively negative image within the corporation. This points to a serious credibility gap with management, stemming from an inability to relate security to business risk. However, 46% admit that when they can measure the commercial value of the cybersecurity strategy, they are respected.

“More than half of IT leaders admit that cybersecurity is their biggest business risk, but they fail to communicate that risk in language that management understands. As a result, they are ignored, belittled and accused of harassment”, highlights Bharat Mistry, Director of Technology at Trend Micro. “Unless they can interact better with the board, cyber resilience will suffer consequences”, he warns.

The approach can bring the following benefits:

  • More responsibility (45%)
  • Valuation of activity (44%)
  • Budget expansion (43%)
  • Promotion to senior decision maker (41%)

Regarding the persistent communication gap between IT and business leadership, only 54% of respondents are confident that the C-suite fully understands the cyber risks facing the organization – a number that has changed little since 2021 (50%). More than a third (34%) of respondents say cybersecurity is still treated as part of IT rather than a business risk factor.

Furthermore, 80% of practitioners believe that only a serious breach would prompt the board to act more strongly on cyber risk. The heterogeneous cybersecurity environment may also be compounding this challenge. Isolated products across the entire attack surface generate inconsistent data, which can make it difficult to convey a clear story about cyber risk to the board.

More than half (58%) of respondents believe there needs to be an increase in IT communication skills to rectify the situation. One solution would be to adopt a unified Attack Surface Risk Management (ASRM) platform, which provides consistent insights into risks, with intuitive dashboards and clear, actionable cybersecurity metrics.

“Companies need to have good visibility of the operation to act quickly and effectively when an incident arises, and this is only possible through fully automated analyses, with constant risk assessment, carried out using appropriate tools”, points out Cesar Candido, general director of Trend Micro Brazil.