An overwhelming majority (90%) of IT decision makers claim their business would be willing to compromise on cybersecurity in favor of digital transformation, productivity, or other goals, suggests a new survey.
Conducted by Trend Micro, the survey focuses on the psychology of risk within an organization. Comparing the attitudes of IT and business leaders, the survey finds that 82% of IT decision makers have felt pressured to downplay the severity of cyber risks to their board.
“IT leaders are self-censoring in front of their boards for fear of appearing repetitive or too negative, with almost a third claiming this is a constant pressure. But this will only perpetuate a vicious cycle where the C-suite remains ignorant of its true risk exposure,” suggests Bharat Mistry, UK technical director for Trend Micro.
He suggests that IT leaders should talk about risk in a way that frames cybersecurity as a fundamental driver of business growth, in order to get them on the same platform as the business leaders.
Change the tone
According to the research, only half of IT leaders and 38% of business decision makers believe that C-suite executives completely grasp cyber risks.
While some think this is because the topic is complex, many believe it is because the C-suite executives either don't try hard enough (26%) or don't want (20%) to understand.
Not surprisingly, 49% of respondents claim that cyber risks are still being treated as an IT problem rather than a business risk.
Phil Gough, Head of Information Security and Assurance at Nuffield Health, believes that instead of downplaying the severity of cyber risks to the board, IT decision makers should try to modify their language so both sides understand each other.
“That’s the first step to aligning business-cybersecurity strategy, and it’s a crucial one. Articulating cyber risks in business terms will get them the attention they deserve, and help the C-suite to recognize security as a growth enabler, not a block on innovation,” suggests Gough.
Highlighting another point of contention, the survey suggests that there’s also disagreement between IT and business leaders over who’s ultimately responsible for managing and mitigating risk. It finds that IT leaders are nearly twice as likely as business leaders to point the finger at IT teams.