
IT Security Leaders Are Failing to Close a Boardroom Credibility Gap

  • Most security bosses are pressured to soften their language, according to a global study by Trend Micro

  • Trend Micro commissioned Sapio Research to interview 2600 IT leaders with responsibility for cybersecurity in their organisation—across LATAM, APAC, North America, Europe and the Middle East. Respondents hailed from organisations of all sizes and across multiple verticals.


Trend Micro Incorporated (TYO: 4704; TSE: 4704) recently revealed that four-fifths (79%) of global cybersecurity leaders have felt boardroom pressure to downplay the severity of cyber risks facing their organisation.


"Over half of security leaders say cyber is their biggest business risk. But they're failing to communicate that risk in a language the board understands. As a result they're ignored, belittled and accused of nagging," said Trend Micro's Technical Director Bharat Mistry. "Unless they can engage better with senior leadership, corporate cyber-resilience will suffer. The first step is to attain a single source of truth across the attack surface."

Of those security leaders who came under pressure from their board, 43% say it is because they are seen as being repetitive or nagging and 42% that they are viewed as overly negative. A third (33%) claim they have been dismissed out of hand.


This points to a serious credibility gap, closely linked to their inability to align cyber with business risk. In fact, 46% say that when they have been able to measure the business value of their cybersecurity strategy, they've been viewed with more credibility.


The credibility gap


This disconnect between IT/cyber and business leadership is manifested in one other very obvious and damaging way. Some 79% of global cybersecurity leaders have felt boardroom pressure to downplay the severity of cyber risks facing their organisation. Of these, 43% say it is because they are seen as being “repetitive” or “nagging”, and 42% that they are viewed as overly negative. A third (33%) claim they have been dismissed out of hand.


Other benefits of this approach include IT security leaders being:

  • Given more responsibility (45%)

  • Seen as a more valued function (44%)

  • Given more budget (43%)

  • Brought into senior decision making (41%)

Yet at present, a persistent communication gap exists between IT and business leadership.


Only half (54%) of respondents are confident their C-suite completely understands the cyber-risks facing the organisation—a figure that has barely moved since 2021 (50%). Over a third (34%) of respondents say cybersecurity is still treated as part of IT rather than business risk.


Additionally, 80% believe that only a serious breach would incentivise the board to act more firmly on cyber risk.


The heterogeneous cybersecurity environment may be compounding these challenges. Siloed point products across the attack surface generate inconsistent data points, which can make it difficult to tell a clear story about cyber risk to the board.


Over half (58%) of respondents believe they'll need an increase in IT comms skills in order to rectify the situation. But a unified Attack Surface Risk Management (ASRM) platform could eliminate the need for such hefty investments, by delivering consistent and compelling risk insight—potentially in the form of an executive dashboard.


 


2024 @ Inno-Thought and its affiliates. All rights reserved.
