Despite cyber risks growing at an alarming rate, a recent global survey by Trend Micro reveals that many organizations are failing to implement adequate cybersecurity measures due to a lack of strategic leadership and investment.
Key findings of the report
According to a survey of 2,600 IT leaders across regions including North America, Europe, and Asia Pacific, cybersecurity gaps are widening as the attack surface expands. In 2023, Trend Micro blocked 161 billion threats, marking a 10% increase over the previous year. Yet, despite the surge in digital threats, leaders of many organizations remain apathetic to the seriousness of these risks.
A shocking 48% of respondents said that their executive team does not view cybersecurity as their responsibility and that their approach to managing cyber risk is fragmented. This is a major concern, especially as regulators around the world increasingly demand accountability from corporate boards of directors. Both the U.S. Securities and Exchange Commission (SEC) and the European Union’s NIS2 Directive mandate that senior management be directly involved in the governance of cybersecurity.
Lack of leadership and resources
The report highlights that leadership inaction is not the only problem. Many organizations are under-resourced and over-reliant on overstretched IT teams. Nearly 96% of IT leaders are concerned about the expanding attack surface, and 36% admit they lack the means to discover and mitigate high-risk areas. Additionally, only 36% of surveyed organizations are able to ensure 24/7 cybersecurity coverage due to a lack of staffing.
One concern uncovered in the report is the tool sprawl many organizations are experiencing. Siloed and fragmented security tools, and the inability to integrate data from various cybersecurity platforms, are creating significant visibility gaps for organizations. As a result, 19% of IT leaders admit they can’t manage cybersecurity from a unified source of truth, making it even more difficult to respond quickly to potential threats.
The thriving cybercrime industry
While organizations struggle with internal issues, the cybercriminal underground continues to expand at an unprecedented rate. Valued at trillions of dollars, this ecosystem offers everything from ransomware-as-a-service to AI-driven hacking tools, making it easier than ever for even novice attackers to launch sophisticated attacks. As cybercrime continues to evolve, the risks have never been higher for companies that are slow to adapt.
The report found that more than half (54%) of respondents believe their organization’s posture towards cybersecurity changes from month to month, highlighting inconsistencies in how businesses approach risk management. A lack of long-term strategic vision is a recipe for disaster, leaving organizations vulnerable to attacks that could cause serious financial and operational disruption.
Lack of accountability: Who is responsible?
One of the core issues identified by Trend Micro is confusion over who is responsible for cybersecurity. Only 42% of respondents believe the CEO is responsible for mitigating business risks related to cybersecurity, while others believe it falls on the CIO (34%), CISO (26%) or even the CFO (20%). Lack of clarity in roles and responsibilities leads to inconsistent cybersecurity strategies and makes organizations’ defenses less effective.
As regulatory pressures increase, organizations must adopt a more unified and responsible approach to cybersecurity. If management continues to push cybersecurity down the chain of command, it risks not only fines for non-compliance but also serious financial loss.
Time to take action
The consequences of inaction are becoming increasingly clear. With increased regulation and the possibility of criminal charges on the rise, business leaders must prioritize cybersecurity as a core business issue. The message from Trend Micro’s research is clear: cybersecurity is no longer someone else’s problem. It’s a boardroom issue, and if not addressed, it could have dire consequences for businesses around the world.
The opinions expressed in this post are those of the individual poster and do not necessarily reflect the views of Information Security Buzz.