Security leaders downplay risks until a breach wakes them up

May 26, 2024

TLDR:

Key Points:

  • 79% of cybersecurity leaders feel pressured by their boards to downplay risks
  • 80% believe only a serious breach would incentivize the board to act more firmly

Security leaders are facing pressure from their boards to downplay the severity of cybersecurity risks, with many believing that only a serious breach would prompt action. A Trend Micro report revealed that communication gaps exist between security and business leaders, with only half of security leaders confident that the C-suite fully understands cyber risks. Boards are more interested in strategic questions about cybersecurity’s business value than in technical details, and security leaders who communicate that value successfully can gain credibility, responsibilities, and budget allocation.

The report emphasizes the importance of security leaders engaging better with senior leadership to improve corporate cyber-resilience. It also highlights the negative impact of C-suite action driven by one-off events such as breaches, which leads to disjointed investments and additional complexities. By measuring and communicating the business value of cybersecurity strategies, security leaders can gain credibility, responsibility, and more budget allocation, ultimately contributing to long-term strategic goals and the overall cyber-resilience of organizations.
