ESG study reveals prevailing problem of under-prioritized security technology

HONG KONG SAR - Media OutReach - 29 January 2021 - Trend MicroIncorporated(TYO: 4704; TSE: 4704), the leader in cloud security, shared results from a sponsored study conducted by the EnterpriseStrategy Group (ESG)[1]that reveals systemic challenges with security integration into businessprocesses. The report includes the top ways to drive engagement andagreement around cybersecurity strategies within an organization.

Reada full copy of the report, Cybersecurity in the C-suite and Boardroom (https://resources.trendmicro.com/rs/945-CXD-062/images/ESG-eBook-TrendMicro-Cyber-C-Suite-Boardroom-Dec2020.pdf), or watch this webinar tolearn more (https://resources.trendmicro.com/WBN-ESG-Cybersecurity-Boardroom.html?linkId=109490866).

The study found that only 23% of organizations prioritize the alignment of securitywith key business initiatives. Here are three key recommendations to remedythis core challenge:

1. Add a Business Information Security Officer (BISO) to improve business-securityalignment.
2. Build a top-down, measurable program to help CISOs bettercommunicate with their boards.
3. Change reporting structures so CISOs report direct to their CEO.

The study also found that when board members are more educated and engaged in thecybersecurity function, they ask tougher questions, dig deeper into issues, andare more likely to make the leap from technical to business issues.

Thevast majority (82%) of survey respondents claimed that cyber risk has increasedin the past two years, thanks primarily to a rise in threats, an expandingcorporate attack surface and the fact that business processes are moredependent than ever on technology.

Yetdespite the rapid adoption of digital transformation processes in the pastyear, security is still viewed as primarily (41%) or entirely (21%) atechnology area.

The lack of cybersecurity prioritization isparticularly true in the boardroom. Although 85% of respondents claimed thatthe board of directors are more engaged in security decisions and strategy thantwo years ago, often those executives are passively drawn in because of a majorbreach, new compliance requirements or the creation of a security program by aCISO.

Infact, 44% of respondents indicated that their board of directors have limitedinvolvement in many critical cybersecurity operations. This lack of engagementmeans many boards are only prepared to fund the bare minimum to meetrequirements for compliance and protection.

"Striving for 'good enough' security isfrankly not good enough given today's cyber risk landscape. This report mirrorsmany of my conversations with CISOs highlighting that lack of boardroomengagement can lead to poor cyber hygiene, and security that is not properlyintegrated into business processes," said Ed Cabrera, chief cybersecurityofficer for Trend Micro. "We can only create a culture of cybersecurity if CEOsand corporate directors lead by example. This encourages every employee to believethey have a role in protecting the organization."

About Trend Micro

Trend Micro, a globalleader in cybersecurity, helps make the world safe for exchanging digitalinformation. Leveraging over 30 years of security expertise, global threatresearch, and continuous innovation, Trend Micro enables resilience forbusinesses, governments, and consumers with connected solutions across cloudworkloads, endpoints, email, IIoT, and networks. Our XGen™ security strategypowers our solutions with a cross-generational blend of threat-defensetechniques that are optimized for key environments and leverage shared threatintelligence for better, faster protection. With over 6,700 employees in 65countries, and the world's most advanced global threat research andintelligence, Trend Micro enables organizations to secure their connectedworld. www.trendmicro.com.hk