Australian IT Security Leaders Are Failing to Close the Boardroom Credibility Gap

Trend Micro reveals that 73% of Australian security leaders are pressured to downplay the severity of cyber risks to their boards, and the C-Suite needs the incentive of $300k in losses before they take firm action.

SYDNEY, May 20, 2024 – Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cybersecurity leader, today revealed that more than three-quarters (76%) of Australian technology leaders agree that cyber-attacks have the highest cost impact among all business risks, yet only about half (55%) think their C-Suite completely understands the magnitude of these imminent cyber risks. Moreover, the research showed that losses have to reach $300,000 on average, before the C-Suite is incentivised to take more firm action on cyber risks. This highlights a stark and concerning gap in understanding between IT security leaders and their boardroom, regarding the state of the threat landscape.

These findings are uncovered in Trend Micro’s latest Cyber Risk and Dividends report which surveys 100 Australian business leaders across key sectors, including software, retail, and financial services to understand how attitudes towards cyber risks have changed in recent years.

To read more on Trend Micro’s latest global research, please visit: https://www.trendmicro.com/explore/thecisocredibilitygap/2608-tl-en-rpt

About three-quarters (73%) of local cybersecurity leaders have felt boardroom pressure to downplay the severity of cyber risks facing their organisation.

Of those security leaders who came under pressure from their board, 44% say it is because they are seen as being repetitive or nagging and 41% say that they are viewed as overly negative. More than a third (37%) claim they have been dismissed out of hand.

“Despite clear evidence of an increasingly aggressive threat landscape, our research is telling of the pressures security leaders are facing in being brutally honest about the realities and risks with their C-level,” said Srujan Talakokkula, Managing Director at Trend Micro, ANZ, Commercial.

“When cybersecurity resilience is risked for the sake of perceptions, the consequence will be widening security gaps - which can be exploited by attackers. This can have huge ramifications including financial and reputational damage, so it is critical for technology leaders to effectively communicate the risks to the top-management,” continued Talakokkula.

This serious credibility gap is closely linked to the inability of organisations to align cyber with business risk. In fact, 49% of respondents say that when they have been able to measure the business value of their cybersecurity strategy, they’ve been given more responsibility.

Other benefits of this approach include IT security leaders being:

• Viewed with more credibility (47%)
• Seen as a more valued function (33%)
• Given more budget (43%)
• Brought into senior decision making (42%)

Additionally, 84% believe media attention to a high profile breach or a breach within the business would be the top two reasons that incentivise the board to act more firmly on cyber risk. Financially, on average respondents believe a loss of up to $300,000 AUD would be needed to incentivise firmer cybersecurity action from C-Suite. 

The heterogeneous cybersecurity environment may be compounding these challenges. Siloed point products across the attack surface generate inconsistent data points, which can make it difficult to tell a clear story about cyber risk to the board.

Over half (58%) of respondents believe they’ll need an increase in IT comms skills in order to rectify the situation. But a unified Attack Surface Risk Management (ASRM) platform could eliminate the need for such hefty investments, by delivering consistent and compelling risk insight—potentially in the form of an executive dashboard.

 

About Trend Micro

Trend Micro, a global cybersecurity leader, helps make the world safe for exchanging digital information. Fueled by decades of security expertise, global threat research, and continuous innovation, Trend Micro's cybersecurity platform protects hundreds of thousands of organisations and millions of individuals across clouds, networks, devices, and endpoints. As a leader in cloud and enterprise cybersecurity, the platform delivers a powerful range of advanced threat defence techniques optimised for environments like AWS, Microsoft, and Google, and central visibility for better, faster detection and response. With 7,000 employees across 65 countries, Trend Micro enables organisations to simplify and secure their connected world. www.TrendMicro.com.au