Only One Third of Organizations Run Round-the-Clock Cybersecurity
Trend Micro research reveals major security gaps and lack of board accountability in many companies
Mumbai, September 24, 2024 –– Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cybersecurity leader, today published research revealing that global organizations lack sufficient resources and leadership buy-in to measure and mitigate risk across their digital attack surface.
To read the full report, please visit: https://www.trendmicro.com/explore/thecisocredibilitygap/2774-v1-en-rpt
Sharda Tickoo, Country Manager for India & SAARC at Trend Micro: “A lack of clear leadership on cybersecurity can have a paralyzing effect on an organization—leading to reactive, piecemeal and erratic decision making. Companies need CISOs to clearly communicate in terms of business risk to engage their boards. Ideally, they should have a single source of truth across the attack surface from which to share updates with the board, continually monitor risk, and automatically remediate issues for enhanced cyber-resilience.”
Trend polled 2,600 global IT leaders responsible for cybersecurity in small, medium and large organizations to better understand their attitudes toward attack surface risk management (ASRM).
The top three gaps in cyber-resilience revealed by respondents were:
· Sufficient staffing for 24x7x365 cybersecurity coverage – which just 36% have
· Attack surface management techniques to measure the risk of the attack surface (used by 35%)
· Using proven regulatory and other frameworks like the NIST Cybersecurity Framework (only 34%)
The failure of a majority of global companies to achieve these cybersecurity basics could be traced back to a lack of leadership and accountability at the top of the organization. Half (48%) of respondents claimed that their leadership doesn’t consider cybersecurity to be their responsibility. Just 17% disagreed strongly with that statement.
When asked who does or should hold responsibility for mitigating business risk, respondents returned a variety of answers, indicating a lack of clarity on reporting lines. Nearly a third (31%) said the buck stops with organizational IT teams.
This lack of clear direction on cybersecurity strategy may be why over half (54%) of global respondents complained that their organization’s attitude to cyber risk is inconsistent and varies from month to month.
The leadership required to remediate these issues is not present in many organizations. Nearly all (96%) of those surveyed have concerns about their attack surface. Over one third (36%) are worried about having a way of discovering, assessing and mitigating high-risk areas, and a fifth (19%) aren’t able to work from a single source of truth.
Certain statements included in this press release that are not historical facts are forward-looking statements. Forward-looking statements are sometimes accompanied by words such as “believe,” “may,” “will,” “estimate,” “continue,” “anticipate,” “intend,” “expect,” “should,” “would,” “plan,” “predict,” “potential,” “seem,” “seek,” “future,” “outlook” and similar expressions that predict or indicate future events or trends or that are not statements of historical matters. These forward-looking statements include, but are not limited to, statements concerning our new Trend Vision One TM Sovereign Private Cloud related AI solution elements. These statements are based on our current expectations and beliefs and are subject to a number of factors and uncertainties that could cause actual results to differ materially from those described in the forward-looking statements. Although we believe that the expectations reflected in our forward-looking statements are reasonable, we do not know whether our expectations will prove correct. You are cautioned not to place undue reliance on these forward-looking statements, which speak only as of the date hereof, even if subsequently made available by us on our website or otherwise. We do not undertake any obligation to update, amend or clarify these forward-looking statements, whether as a result of new information, future events or otherwise, except as may be required under applicable securities laws.