Welcome to Cyberstrike Brief, your source for the latest cybersecurity insights in smart manufacturing.

Cybersecurity Leaders Face Board Pressure to Downplay Risks

Trend Micro highlights a credibility gap between IT security leaders and senior executives on cyber risk communication.

Trend Micro Incorporated, a global cybersecurity leader, has released a new report, “The CISO Credibility Gap: How a Communication Breakdown in the Boardroom is Hurting Cyber-Resilience.” In it, Trend Micro reveals that four-fifths (79%) of global cybersecurity leaders have felt boardroom pressure to downplay the severity of cyber risks facing their organization.

Key Takeaways

Of those security leaders who came under pressure from their board, 43% say it is because they are seen as repetitive or nagging, and 42% say they are viewed as overly negative. A third (33%) claim they have been dismissed out of hand.

This points to a serious credibility gap, closely linked to security leaders' inability to align cyber risk with business risk. In fact, 46% say that when they have been able to measure the business value of their cybersecurity strategy, they’ve been viewed with more credibility.

Other benefits of this approach include IT security leaders being:

  • Given more responsibility (45%)
  • Seen as a more valued function (44%)
  • Given more budget (43%)
  • Brought into senior decision making (41%)

Yet at present, a persistent communication gap exists between IT and business leadership.

Only half (54%) of respondents are confident their C-suite completely understands the cyber-risks facing the organisation—a figure that has barely moved since 2021 (50%). Over a third (34%) of respondents say cybersecurity is still treated as part of IT rather than business risk.

Additionally, 80% believe that only a serious breach would incentivise the board to act more firmly on cyber risk.

The heterogeneous cybersecurity environment may be compounding these challenges. Siloed point products across the attack surface generate inconsistent data points, which can make it difficult to tell a clear story about cyber risk to the board.

Over half (58%) of respondents believe they’ll need an increase in IT comms skills in order to rectify the situation. But a unified Attack Surface Risk Management (ASRM) platform could eliminate the need for such hefty investments, by delivering consistent and compelling risk insight—potentially in the form of an executive dashboard.

On Record

In a recent quote, Trend Micro’s Technical Director Bharat Mistry said, “Over half of security leaders say cyber is their biggest business risk. But they’re failing to communicate that risk in a language the board understands. As a result they’re ignored, belittled and accused of nagging. Unless they can engage better with senior leadership, corporate cyber-resilience will suffer. The first step is to attain a single source of truth across the attack surface.”

About the Author

Alexis Gajewski, Senior Content Strategist, Plant Services

Alexis Gajewski has over 15 years of experience in the maintenance, reliability, operations, and manufacturing space. She joined Plant Services in 2008 and works to bring readers the news, insight, and information they need to make the right decisions for their plants. Additionally, Alexis works on initiatives for other Endeavor Business Media brands that specialize in the manufacturing industry, and helped launch the group's new podcast series Great Question: A Manufacturing Podcast.

 
