Security Leaders Face Pressure to Soften Language on Cyber Risks, Trend Micro Reveals

In a recent study conducted by Trend Micro, a global cybersecurity leader, it was revealed that a significant number of cybersecurity leaders are facing pressure from their boardrooms to downplay the severity of cyber risks facing their organizations. The study found that four-fifths (79%) of global cybersecurity leaders have felt this pressure, highlighting a concerning trend in the industry.

According to Trend Micro’s Technical Director Bharat Mistry, “Over half of security leaders say cyber is their biggest business risk. But they’re failing to communicate that risk in a language the board understands. As a result, they’re ignored, belittled, and accused of nagging.” This lack of effective communication can lead to a serious credibility gap, with many security leaders feeling dismissed or undervalued by senior leadership.

The study also found that when security leaders were able to measure the business value of their cybersecurity strategy, they were viewed with more credibility. Benefits of this approach included being given more responsibility, seen as a more valued function, given more budget, and brought into senior decision-making processes.

Despite these potential benefits, there remains a persistent communication gap between IT and business leadership. Only half of respondents are confident that their C-suite completely understands the cyber risks facing the organization, and cybersecurity is often still treated as part of IT rather than business risk.

One potential solution to bridging this communication gap is the adoption of a unified Attack Surface Risk Management (ASRM) platform. This platform could provide consistent and compelling risk insight, potentially in the form of an executive dashboard, eliminating the need for hefty investments in IT communications skills.

Overall, the study highlights the importance of effective communication between cybersecurity leaders and senior leadership in order to ensure corporate cyber-resilience. With the ever-evolving threat landscape, it is crucial for organizations to prioritize cybersecurity and ensure that their boardrooms are fully informed and prepared to act decisively in the face of cyber risks.