Cybersecurity disconnect: Australian IT leaders vs C-suite
A recent report by cybersecurity firm Trend Micro has revealed a notable disconnect between Australian IT security leaders and their C-suite executives in how they perceive cyber risks. The report, titled "Cyber Risk and Dividends", surveyed 100 business leaders across key sectors such as retail, software, and financial services.
Trend Micro is a global player in cybersecurity, offering advanced threat defence techniques optimised for various environments, including AWS, Microsoft, and Google. The company's platform delivers central visibility for better and faster detection and response, helping organisations secure their digital operations.
Trend Micro's findings reveal that 76% of Australian technology leaders acknowledge that cyber-attacks represent the most financially damaging business risk. However, only 55% of these leaders believe that their C-suite fully comprehends the extent of these threats. The report further indicates that, on average, losses must escalate to USD $300,000 before senior executives take decisive action on cyber risks.
This gap in understanding is a significant concern among IT security leaders. The report highlights that 73% of local cybersecurity leaders feel pressured to downplay the severity of cyber risks when communicating with their boards. This pressure is often attributed to perceptions of being repetitive or negative, with 44% of leaders indicating they are seen as such and 41% feeling they are viewed too negatively.
Srujan Talakokkula, Managing Director at Trend Micro, Australia and New Zealand (ANZ), commented on the findings. "Despite clear evidence of an increasingly aggressive threat landscape, our research shows the pressures security leaders face in being honest about the realities and risks with their C-level," he stated. Talakokkula emphasised the potential financial and reputational damage that can occur when cybersecurity resilience is compromised for the sake of perceptions.
The report also identified that aligning cybersecurity strategies with business risks can enhance the credibility and responsibilities of IT security leaders. Among the respondents, 49% reported receiving more responsibilities upon effectively measuring the business value of their cybersecurity strategies. Additional benefits included increased credibility (47%), being seen as a more valued function (33%), receiving more budget (43%), and being involved in senior decision-making (42%).
The report suggests that media attention to high-profile breaches or internal security failures could incentivise boards to act more firmly on cyber risks. An overwhelming 84% of respondents indicated this would be a top motivator for C-suite executives. Despite this, the complex cybersecurity environment presents challenges, with siloed point products across the attack surface generating inconsistent data and making it difficult to present a clear risk narrative to the board.
Over half of respondents (58%) believe that improving IT communication skills is necessary to bridge this gap. However, the report also suggests that a unified Attack Surface Risk Management (ASRM) platform could streamline this process by providing consistent and compelling risk insights, potentially through an executive dashboard.