90% of IT decision makers heard believe that organizations are more focused on digital transformation and productivity
Research released by Trend Micro, the world leader in cybersecurity solutions, shows that 90% of IT decision makers believe companies are jeopardizing cybersecurity for the sake of digital transformation, productivity and other goals. In addition, 82% feels pressured to minimize the severity of cyber risks for board members.
The survey, commissioned by Trend Micro to Sapio Research, polled 5,321 IT and business decision makers from companies with more than 250 employees in 26 countries. The interviews revealed that only 50% of IT leaders and 38% of business decision makers believe that senior executives (C-Level or C-Suite) fully understand cyber risks. While some think this is because the topic is complex and constantly changing, many believe that C-Level members don't try hard enough (26%) or don't want (20%) to understand.
“IT leaders are censoring themselves in front of their Boards for fear of appearing repetitive or too negative, with nearly a third stating that this is constant pressure. But this attitude will only perpetuate a vicious cycle where C-Levels will continue to ignore the risks,” says Bharat Mistry, UK Technical Director at Trend Micro. "We need to talk about threats in a way that security becomes the driving force behind business growth, helping to bring IT and business leaders together, as in reality they are both on the same side."
Phil Gough, Head of Information Security at Nuffield Health, the UK's largest healthcare charity, advises IT decision makers not to minimize the severity of cyber risks to the board, and suggests they change their language to make it easier to Communication. “This is the first step in aligning the cybersecurity strategy with the business, and it is crucial. Articulating cyber risks within the business vision will attract the attention they deserve and help senior management recognize security as an enabler of growth, not an impediment to innovation,” says Phil.
Research shows that IT and business leaders disagree on who should be responsible for managing and mitigating risk. IT leaders are nearly twice as likely as business leaders to point to IT teams and the CISO; and 49% of respondents say digital threats are still being treated as an IT issue rather than a business risk.
This friction is causing serious problems: 52% of respondents agree that their organization's attitude towards cyber risk is inconsistent and varies from month to month.
However, 31% of the Ears believes cybersecurity is the biggest risk in business today, and 66% believes it has the greatest cost impact than any other risk.
Respondents believe that executives would become aware of cyber risk if:
• the organization suffered a data breach (62%);
• they could better and more easily explain the risk of cyber attacks to the business (62%);
• users began to demand more sophisticated security credentials (61%)
“To make cybersecurity a board issue, Level-C has to come to see it as a true business enabler,” said Marc Walsh, Corporate Security Architect at Coillte, the Irish forestry company. “This will have IT and security leaders articulate their challenges to the board using the language of enterprise risk. And it will require investments and proactivity from the top of the company, and not just palliative solutions after a violation.”
To read the full report of the survey carried out by Sapio Research, click ON HERE
EN 
PT 
