Europe ahead of US on cyber-business alignment

Trend Micro-ESG study calls for appointment of Business Information Security Officers.

  • 2 years ago Posted in

Trend Micro has revealed that European business and IT leaders are more likely than their North American peers to view cybersecurity as part of the business mission — but that there’s still plenty of room for improved alignment.



The Trend Micro-sponsored research was conducted by the Enterprise Strategy Group


It found that 73% of European respondents today view cybersecurity partially or entirely as a business area, versus just 58% in North America. In addition, 80% of European organisations indicated that most (47%) or some (32%) of their board members are knowledgeable about cybersecurity.


What’s more, things are improving, with 82% claiming that the board is somewhat or much more engaged with security than it was two years ago.

This is good news as, when board members are more educated and engaged, they ask tougher questions, dig into issues, and make the leap from cybersecurity to business issues, the report noted.


However, there’s still a long way to go: less than half of European respondents rated their C-level executives’ commitment to cybersecurity (49%) or their organization’s intention to build cybersecurity into business processes and IT initiatives (45%) as adequate or fair. Over half (56%) rated their company-wide commitment to cyber-hygiene as adequate, fair, or poor.


By minimising their commitment to cybersecurity, boards can inadvertently increase risk and make the deployment of security controls more complex and costly than they need to be. This comes at a time when 77% of European respondents believe cyber-risk is increasing, primarily due to escalating threat levels.

European organizations are also more mature than their North American counterparts in areas like GRC (29% versus 15%) and third-party risk management (22% versus 13%). However, they are not investing in application security (3%), security engineering/SDLC (6%), or endpoint security (5%) despite the renewed focus on these areas since the start of the pandemic.


“The GDPR has forced closer collaboration between cybersecurity and the business among European organisations, as this study clearly shows. But while this is laudable, it’s disappointing to see areas like application and endpoint security still being neglected,” said Camilla Currin, Cybersecurity Consultant at Trend Micro. “These will be crucial for organisations to drive the kind of secure digital transformation projects on which post-pandemic growth must be built. The first stage is getting the board to understand the strategic criticality of cyber to business success.”


The report makes the following recommendations to improve cyber-business alignment:

·       Create a Business Information Security Officer (BISO) role to drive security into business processes, critical assets, sensitive data, and employee roles

·       Change the reporting structure so that the CISO reports directly to the CEO, for greater exposure and alignment

·       Formalise and document a top-down cybersecurity programme highlighted by KPIs and established metrics, to help CISOs better communicate with business executives

 

Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Atos has launched Atos OneCloud Sovereign Shield, a set of solutions, methodologies, and...
New distribution agreement set to bolster Westcon-Comstor’s Zero Trust offering in more markets...
Research from Avast has found that employees in almost a third (31%) of Small and Medium...
This year, over half of MSPs or their end customers have been attacked by ransomware but only 53%...
Trend Micro has published new research revealing that 90% of IT decision makers claim their...
Cyber consultants call on businesses to act now, or risk budgets shrinking further in ‘real...