“IT leaders censor themselves in front of the board for fear of repeating themselves or appearing too negative. Nearly a third say it’s constant pressure But this just perpetuates a vicious cycle of executive ignorance of the true risks,” suggests Bharat Mistry, technical director at Trend Micro in the UK. He suggests that IT leaders need to talk about risk in a way that sees cybersecurity as a fundamental driver of business growth in order to be on the same platform as business leaders.
A new survey shows that an overwhelming majority (90%) of IT decision makers say their organizations would be willing to trade off cybersecurity for digital transformation, productivity or other goals. This study, conducted by Trend Micro, focuses on the psychology of risk within organizations. The survey, comparing attitudes of IT and business leaders, found that 82% of IT decision makers feel pressure on their boards to downplay the seriousness of cyber risks.
I think we should change our spending. “This is the first and critical step in aligning a business’s cybersecurity strategy. By articulating cyber risk in business terms, executives can view security as a driver of growth rather than a barrier to innovation.” You can see it,” Gough said. To highlight another point of contention, the survey also suggests that there is disagreement between IT leaders and business leaders about who is ultimately responsible for managing and mitigating risk. We can see that an IT leader is almost twice as likely to blame his IT team than a business leader.
change the tone
According to the survey, only half of IT leaders and his 38% of business decision makers believe that executives fully understand cyber risks. Some attributed it to the complexity of the topic, while others attributed it to a lack of executive effort (26%) or a lack of understanding (20%). Not surprisingly, 49% of his respondents say cyber risk is still treated as an IT issue, not a business risk. Phil Gough, head of information security and assurance at Nuffield Health, said IT decision makers should not downplay the seriousness of cyber risks to their boards, but rather put them in words that both parties can understand.