ESG study reveals prevailing problem of under-prioritized security technology
HONG KONG SAR – 29 January 2021 – Trend Micro Incorporated (TYO: 4704; TSE: 4704), the leader in cloud security, shared results from a sponsored study conducted by the Enterprise Strategy Group (ESG)[1] that reveals systemic challenges with security integration into business processes. The report includes the top ways to drive engagement and agreement around cybersecurity strategies within an organization.
Read a full copy of the report, Cybersecurity in the C-suite and Boardroom (https://resources.trendmicro.com/rs/945-CXD-062/images/ESG-eBook-TrendMicro-Cyber-C-Suite-Boardroom-Dec2020.pdf), or watch this webinar to learn more (https://resources.trendmicro.com/WBN-ESG-Cybersecurity-Boardroom.html?linkId=109490866).
The study found that only 23% of organizations prioritize the alignment of security with key business initiatives. Here are three key recommendations to remedy this core challenge:
- Add a Business Information Security Officer (BISO) to improve business-security alignment.
- Build a top-down, measurable program to help CISOs better communicate with their boards.
- Change reporting structures so CISOs report direct to their CEO.
The study also found that when board members are more educated and engaged in the cybersecurity function, they ask tougher questions, dig deeper into issues, and are more likely to make the leap from technical to business issues.
The vast majority (82%) of survey respondents claimed that cyber risk has increased in the past two years, thanks primarily to a rise in threats, an expanding corporate attack surface and the fact that business processes are more dependent than ever on technology.
Yet despite the rapid adoption of digital transformation processes in the past year, security is still viewed as primarily (41%) or entirely (21%) a technology area.
The lack of cybersecurity prioritization is particularly true in the boardroom. Although 85% of respondents claimed that the board of directors are more engaged in security decisions and strategy than two years ago, often those executives are passively drawn in because of a major breach, new compliance requirements or the creation of a security program by a CISO.
In fact, 44% of respondents indicated that their board of directors have limited involvement in many critical cybersecurity operations. This lack of engagement means many boards are only prepared to fund the bare minimum to meet requirements for compliance and protection.
“Striving for ‘good enough’ security is frankly not good enough given today’s cyber risk landscape. This report mirrors many of my conversations with CISOs highlighting that lack of boardroom engagement can lead to poor cyber hygiene, and security that is not properly integrated into business processes,” said Ed Cabrera, chief cybersecurity officer for Trend Micro. “We can only create a culture of cybersecurity if CEOs and corporate directors lead by example. This encourages every employee to believe they have a role in protecting the organization.”
About Trend Micro
Trend Micro, a global leader in cybersecurity, helps make the world safe for exchanging digital information. Leveraging over 30 years of security expertise, global threat research, and continuous innovation, Trend Micro enables resilience for businesses, governments, and consumers with connected solutions across cloud workloads, endpoints, email, IIoT, and networks.
Our XGen™ security strategy powers our solutions with a cross-generational blend of threat-defense techniques that are optimized for key environments and leverage shared threat intelligence for better, faster protection. With over 6,700 employees in 65 countries, and the world’s most advanced global threat research and intelligence, Trend Micro enables organizations to secure their connected world. www.trendmicro.com.hk