IT decision makers pressured to compromise on cybersecurity

November 16, 2021 // By Jean-Pierre Joosting
IT decision makers pressured to compromise on cybersecurity
Study reveals urgent need for new way to discuss business risk as decision makers believe organizations compromise on cybersecurity in favour of other goals

Trend Micro Incorporated has announced new research revealing that 90% of IT decision makers claim their business would be willing to compromise on cybersecurity in favor of digital transformation, productivity, or other goals. Additionally, 82% have felt pressured to downplay the severity of cyber risks to their board.

"IT leaders are self-censoring in front of their boards for fear of appearing repetitive or too negative, with almost a third claiming this is a constant pressure. But this will only perpetuate a vicious cycle where the C-suite remains ignorant of its true risk exposure," said Bharat Mistry, UK technical director for Trend Micro. "We need to talk about risk in a way that frames cybersecurity as a fundamental driver of business growth – helping to bring together IT and business leaders who, in reality, are both fighting for the same cause.”

"IT decision makers should never have to downplay the severity of cyber risks to the Board. But they may need to modify their language so both sides understand each other," said Phil Gough, Head of Information Security and Assurance at Nuffield Health. "That's the first step to aligning business-cybersecurity strategy, and it's a crucial one. Articulating cyber risks in business terms will get them the attention they deserve, and help the C-suite to recognise security as a growth enabler, not a block on innovation.”

The research reveals that just 50% of IT leaders and 38% of business decision makers believe the C-suite completely understand cyber risks. Although some think this is because the topic is complex and constantly changing, many believe the C-suite either doesn't try hard enough (26%) or doesn't want (20%) to understand.

There's also disagreement between IT and business leaders over who's ultimately responsible for managing and mitigating risk. IT leaders are nearly twice as likely as business leaders to point to IT teams and the CISO. 49% of respondents claim that cyber risks are still being treated as an IT problem rather than a business risk.


Vous êtes certain ?

Si vous désactivez les cookies, vous ne pouvez plus naviguer sur le site.

Vous allez être rediriger vers Google.