Despite cyber risk growing at an alarming rate, a recent global study from Trend Micro, highlights that many organizations are failing to implement adequate cybersecurity measures due to a lack of strategic leadership and investment.
Key Findings of the Report
According to the study, which surveyed 2,600 IT leaders across regions including North America, Europe, and APAC, cybersecurity gaps are widening as the attack surface expands. In 2023, Trend Micro blocked 161 billion threats, marking a 10% increase from the previous year. However, despite the surge in digital threats, leadership across many organizations remains indifferent to the severity of these risks.
Alarmingly, 48% of respondents said their leadership did not consider cybersecurity to be their responsibility, leading to a fragmented approach to managing cyber risk. This is a significant concern, particularly as regulators around the world are increasingly demanding accountability from corporate boards. Both the U.S. Securities and Exchange Commission (SEC) and the European Union’s NIS2 directive now require that senior leadership plays a direct role in cybersecurity governance.
A Shortfall in Leadership and Resources
The report underscores that leadership neglect is not the only issue. Many organizations are under-resourced and over-reliant on overstretched IT teams. Nearly 96% of IT leaders expressed concern over the expanding attack surface, with 36% admitting they lacked the means to discover and mitigate high-risk areas. Furthermore, only 36% of the organizations surveyed can afford to have 24/7 cybersecurity coverage due to staffing gaps.
One of the report’s more concerning revelations is the tool sprawl many organizations are experiencing. Siloed and fragmented security tools, and the inability to consolidate data from different cybersecurity platforms are leaving organizations with significant visibility gaps. As a result, 19% of IT leaders admitted they are unable to manage cybersecurity from a unified source of truth, making it even harder to respond quickly to potential threats.
The Cybercrime Industry Thrives
While organizations struggle with internal issues, the cybercriminal underground continues to grow at an unprecedented rate. Worth trillions of dollars, this ecosystem provides everything from ransomware-as-a-service to AI-driven hacking tools, making it easier than ever for even novice attackers to launch sophisticated attacks. As cybercrime continues to evolve, the stakes are higher than ever for businesses that are slow to adapt.
According to the report, over half (54%) of the respondents believe their organization’s attitude toward cybersecurity varies month to month, illustrating the inconsistency in how companies approach risk management. This lack of a long-term strategic vision is a recipe for disaster, leaving organizations vulnerable to attacks that could result in severe financial and business disruptions.
Lack of Accountability: Who’s Responsible?
One of the central issues highlighted by Trend Micro is the confusion around who is responsible for cybersecurity. Only 42% of respondents believe that the CEO should be responsible for mitigating business risks related to cybersecurity, while others believe it should be the CIO (34%), the CISO (26%), or even the CFO (20%). The lack of clarity in roles and responsibilities is causing misalignment in cybersecurity strategy, which in turn hampers the effectiveness of an organization’s defense posture.
As regulatory pressures increase, organizations must adopt a more cohesive and accountable approach to cybersecurity. If leadership continues to push cybersecurity down the chain of command, they risk not only compliance fines but also the severe financial consequences of a breach.
Time to Act
The consequences of inaction are becoming clearer. With more regulations and potential criminal liability on the horizon, it is imperative for business leaders to prioritize cybersecurity as a core business issue. The message from Trend Micro’s study is clear: cybersecurity can no longer be someone else’s problem. It is a boardroom issue, and failure to address it could lead to disastrous consequences for businesses worldwide.
Anastasios Arampatzis is a cybersecurity content strategist, writer, and consultant with expertise in cybersecurity, digital identity, and regulatory compliance. Tassos has a strong background in creating thought leadership content, marketing materials, and strategic communications tailored to CISOs, security professionals, and business leaders. He has contributed to various cybersecurity publications and collaborates with organizations to develop compelling, insightful content that addresses industry challenges. He is a privacy advocate and a member of the ISC2 Hellenic Chapter. Before joining Bora, Tassos was an Hellenic Air Force Officer with a solid background on IT and Infosec.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.