What companies prioritize over cybersecurity

By Phil | April 1, 2022 | Last updated on October 30, 2024
2 min read
Computer with digital padlock

Even as instances of cyberattacks grow in North America and worldwide, business leaders in charge of cybersecurity appear to be putting other priorities first, according to a recent study from cybersecurity firm Trend Micro.

It found that if push came to shove, 81% of IT decision-makers in Canada said their companies would compromise on cybersecurity in favour of productivity, innovation and hybrid working.

What’s more, 70% of respondents (207 IT leaders and business decision-makers at firms with over 250 employees) said they’d felt pressured to downplay cyber risk severity to their company’s board.

Interestingly, 36% of respondents said cybersecurity is the biggest business risk currently in play, and 64% said it has the highest cost impact of any business risk.

The survey also revealed potential friction, as 50% of survey respondents said cyber risks are being treated as IT problems instead of business risks. Plus, 48% of respondents said their organization’s attitude toward cyber risk varies from month to month.

Antoine Saikaley, Canadian technical director for Trend Micro, said the findings highlight the need to “reframe the discussion around cybersecurity and reposition it as a fundamental driver of business growth, which connects members of the C-suite and their IT decision-makers.”

The survey found only 45% of business decision-makers and 44% of IT leaders believe those in the C-suites fully grasp the risks presented by cyberattacks.

When it comes to determining who bears responsibility for mitigating and managing cyber risk, 32% of respondents said it falls to the CEO and 20% said it rests with IT.

Respondents said three primary events would get C-suite executives to take cyber risk more seriously:

  • A high-profile breach being reported in the media (65%);
  • A breach at a competitor (61%); and
  • A breach at their own organization (59%).

And … 75% said more people within an organization should be held responsible for managing and mitigating business risk.

 

This article is excerpted from one that appeared in the February-March issue of Canadian Underwriter.

Feature image by iStock.com/MF3d

Phil