
IT leaders feel organizations still compromising cybersecurity

  • 90% of IT decision-makers claim their business would be willing to compromise on cybersecurity in favor of digital transformation, productivity, or other goals
  • 82% also felt that they have been pressured to downplay the severity of cyber risks to their board
  • A data breach might make organizations prioritize cybersecurity

IT leaders are often tasked with making decisions on cybersecurity and on the technologies the company intends to invest in. In the past, the IT department made up only a small part of the organization and often had little say in company decisions. However, this has changed significantly in the last couple of years as more organizations look to digitalize their business.

Today, the IT team is responsible not only for keeping the company running, but also for advising the organization on the right decisions to make, specifically on the types of technologies the company wants to use.

In fact, IT employees became heavily sought after when the Covid-19 pandemic led to remote working for organizations around the world. Yet, despite this, new research by Trend Micro showed that 90% of IT decision-makers claim their business would be willing to compromise on cybersecurity in favor of digital transformation, productivity, or other goals.

Additionally, 82% felt that they have been pressured to downplay the severity of cyber risks to their board. The research reveals that just 50% of IT leaders and 38% of business decision-makers believe the C-suite completely understands cyber risks. Although some think this is because the topic is complex and constantly changing, many believe the C-suite either doesn’t try hard enough (26%) or doesn’t want (20%) to understand.

According to Goh Chee Hoh, Managing Director for Malaysia and Nascent Countries, Trend Micro, IT leaders are self-censoring in front of their boards for fear of appearing repetitive or too negative, with almost a third claiming this is a constant pressure. Goh explained that this will only perpetuate a vicious cycle where the C-suite remains ignorant of its true risk exposure.

“We need to talk about risk in a way that frames cybersecurity as a fundamental driver of business growth – helping to bring together IT and business leaders who, in reality, are both fighting for the same cause,” added Goh.

When it comes to IT decisions, cybersecurity should not be an afterthought. This mindset has led to organizations facing numerous breaches in the past. Often, when a company suffers a cyber breach, the IT team is blamed for not taking enough precautions. But further research into the problem would normally indicate that the IT team had highlighted the problem, only to be ignored in favor of other priorities.

As companies continue their transformation journey, every aspect of it is a potential security vulnerability. For example, a business intending to use the cloud for their remote working employees would need to get their IT team to advise on the cybersecurity vulnerabilities that could affect them.

Interestingly, the study also showed that there is disagreement between IT and business leaders over who is ultimately responsible for managing and mitigating risk. IT leaders are nearly twice as likely as business leaders to point to IT teams and the CISO. 49% of respondents claim that cyber risks are still being treated as an IT problem rather than a business risk.

This friction is causing potentially serious issues. 52% of respondents agree that their organization’s attitude to cyber risk is inconsistent and varies from month to month. However, 31% of respondents believe cybersecurity is the biggest business risk today, and 66% claim it has the highest cost impact of any business risk – a seemingly conflicting opinion given the overall willingness to compromise on security.

Ultimately, the IT team feels there are three main ways the C-suite will sit up and take notice of cyber risk:

  • A data breach at their organization
  • Customers demanding more sophisticated security credentials
  • An easier way to report and explain the risk of cyber threats

“Compromising on cybersecurity to accelerate digital transformation is not the way forward. Organizations need to reimagine their enterprise and cloud security, in a way that doesn’t hinder transformation,” said Dhanya Thakkar, Vice President, Asia Pacific, Middle East, and Africa, Trend Micro.