Despite cyber risk growing at an alarming rate, a recent global study from Trend Micro highlights that many organizations are failing to implement adequate cybersecurity measures due to a lack of strategic leadership and investment.
Key Findings of the Report
According to the study, which surveyed 2,600 IT leaders across regions including North America, Europe, and APAC, cybersecurity gaps are widening as the attack surface expands. In 2023, Trend Micro blocked 161 billion threats, marking a 10% increase from the previous year. However, despite the surge in digital threats, leadership across many organizations remains indifferent to the severity of these risks.
Alarmingly, 48% of respondents said their leadership did not consider cybersecurity to be their responsibility, leading to a fragmented approach to managing cyber risk. This is a significant concern, particularly as regulators around the world are increasingly demanding accountability from corporate boards. Both the U.S. Securities and Exchange Commission (SEC) and the European Union’s NIS2 directive now require that senior leadership plays a direct role in cybersecurity governance.
A Shortfall in Leadership and Resources
The report underscores that leadership neglect is not the only issue. Many organizations are under-resourced and over-reliant on overstretched IT teams. Nearly 96% of IT leaders expressed concern over the expanding attack surface, with 36% admitting they lacked the means to discover and mitigate high-risk areas. Furthermore, only 36% of the organizations surveyed can afford to have 24/7 cybersecurity coverage due to staffing gaps.
One of the report’s more concerning revelations is the tool sprawl many organizations are experiencing. Siloed and fragmented security tools, and the inability to consolidate data from different cybersecurity platforms, are leaving organizations with significant visibility gaps. As a result, 19% of IT leaders admitted they are unable to manage cybersecurity from a unified source of truth, making it even harder to respond quickly to potential threats.
The Cybercrime Industry Thrives
While organizations struggle with internal issues, the cybercriminal underground continues to grow at an unprecedented rate. Worth trillions of dollars, this ecosystem provides everything from ransomware-as-a-service to AI-driven hacking tools, making it easier than ever for even novice attackers to launch sophisticated attacks. As cybercrime continues to evolve, the stakes are higher than ever for businesses that are slow to adapt.
According to the report, over half (54%) of the respondents believe their organization’s attitude toward cybersecurity varies month to month, illustrating the inconsistency in how companies approach risk management. This lack of a long-term strategic vision is a recipe for disaster, leaving organizations vulnerable to attacks that could result in severe financial and business disruptions.
Lack of Accountability: Who’s Responsible?
One of the central issues highlighted by Trend Micro is the confusion around who is responsible for cybersecurity. Only 42% of respondents believe that the CEO should be responsible for mitigating business risks related to cybersecurity, while others believe it should be the CIO (34%), the CISO (26%), or even the CFO (20%). The lack of clarity in roles and responsibilities is causing misalignment in cybersecurity strategy, which in turn hampers the effectiveness of an organization’s defense posture.
As regulatory pressures increase, organizations must adopt a more cohesive and accountable approach to cybersecurity. If leadership continues to push cybersecurity down the chain of command, they risk not only compliance fines but also the severe financial consequences of a breach.
Time to Act
The consequences of inaction are becoming clearer. With more regulations and potential criminal liability on the horizon, it is imperative for business leaders to prioritize cybersecurity as a core business issue. The message from Trend Micro’s study is clear: cybersecurity can no longer be someone else’s problem. It is a boardroom issue, and failure to address it could lead to disastrous consequences for businesses worldwide.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.