Even in this digital era, businesses face systemic challenges in integrating security, claims a recent Trend Micro study.
With the rapid shift towards IT modernization, enterprises are expanding their security teams and cyber-security measures to head in the right direction. Experts believe that, for any business, cyber-security should be viewed as a primary technology aspect. A recent research study from Trend Micro reveals the systemic challenges with integrating security into business processes.
The study highlights the top techniques to drive engagement and enhance agreement around cyber-security strategies in an organization. It was found that only 23% of companies prioritize the alignment of security with crucial business plans.
The key recommendations to remedy this principal challenge are:
- Adding a business information security officer (BISO) to augment business-security alignment
- Building a measurable, top-down program to help CISOs communicate easily with their boards
- Modifying the reporting structures so that CISOs report directly to their CEO
However, cyber-security is still viewed chiefly as a technology area. When the leadership team is more engaged and educated about security functions, they generally ask tricky questions. Besides, when they dig deeper into critical issues, those issues are more likely to make the leap from technical matters to overall business issues.
Nearly 82% of the survey respondents noted that cyber risk has increased in the last two years, undoubtedly due to the rise in threats. Moreover, the growing corporate attack surface, together with business processes being more reliant on technology than ever, has expanded the risk landscape.
Despite the rapid adoption of digital transformation solutions in the pandemic era, security is still viewed as principally (41%) or exclusively (21%) a technology area. Yet, the lack of cyber-security prioritization is somewhat valid in the boardroom, claims the study.
Almost 85% of professionals claimed that boards of directors (BODs) are currently more engaged in security strategy and decision making than they were two years ago. However, such executives are often passively drawn in due to a major breach, new compliance requirements, or a security suite creation by the CISO.
In fact, some 44% of the respondents reported that their BODs have limited involvement in critical cyber-security operations. This lack of engagement indicates that many boards are only prepared to provide funding to meet protection and compliance requirements. Indeed, striving for just “good enough” cyber-security is not sufficient given the current cyber threat landscape.
As Ed Cabrera, the chief cybersecurity officer at Trend Micro, mentions in the company blog: “This report mirrors many of my conversations with CISOs highlighting that lack of boardroom engagement can lead to poor cyber hygiene and security that is not properly integrated into business processes. We can only create a culture of cyber-security if CEOs and corporate directors lead by example. Every employee must believe they have a role in protecting the organization.”