More C-Suite Engagement Needed in 2022 to Mitigate Cyber Risk: Trend Micro

Trend Micro Incorporated has published new research* revealing that persistently low IT/C-suite engagement may imperil investments and expose organizations to increased cyber risk. In Canada 93% of the IT and business decision makers surveyed expressed particular concern about ransomware attacks.

To read a full copy of the global report, please visit: https://www.trendmicro.com/explore/en_gb_trendmicro-global-risk-study

Despite widespread concern over spiralling threats, the study found that only 2-in-5 (42%) of responding IT teams discuss cyber risks with the C-suite at least weekly.

Fortunately, current investment in cyber initiatives is not critically low. Just under half (46%) of respondents claimed their organization is spending most on “cyber-attacks” to mitigate business risk. This was the most popular answer, above more typical projects like digital transformation (40%) and workforce transformation (32%). In addition, nearly half (44%) said they have recently increased investments to mitigate the risks of ransomware attacks and security breaches.

However, low C-suite engagement combined with increased investment suggests a tendency to ‘throw money’ at the problem rather than develop an understanding of the cybersecurity challenges and invest appropriately. This approach may undermine more effective strategies and risk greater financial loss. 1-out-of-2 respondents (50%) said that cyber threats were an IT problem, while just 34% found it to be an overall business risk. Less than half (40%) of respondents claimed concepts like “cyber risk” and “cyber risk management” were known extensively in their organization. Even more troubling, 8% of respondents said that their company does not assess cyber risk at all. 

Three quarters of Canadian respondents (75%) want to hold more people in the organization responsible for managing and mitigating these risks, which would help to drive an enterprise-wide culture of “security by design.” The largest group of respondents (32%) favoured holding CEOs responsible. Other non-IT roles cited by respondents included CFOs (26%) and CMOs (14%). 

The study follows previous Trend Micro Research revealing a worrying cybersecurity disconnect between business and IT leaders – perpetuated by self-censorship from cyber experts and disagreements over who is ultimately responsible.

*Trend Micro commissioned Sapio Research to interview 5321 IT and business decision makers from enterprises larger than 250 employees across 26 countries​.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: