Only one third of organisations run round-the-clock cybersecurity

Trend Micro research reveals major security gaps and lack of board accountability in many companies.

  • Sunday, 22nd September 2024 Posted 1 year ago in by Phil Alsop

Trend Micro has published research revealing that UK organisations lack sufficient resources and leadership buy-in to measure and mitigate risk across their digital attack surface.

The research, which surveyed 100 UK cybersecurity leaders as part of a global study polled those responsible for cybersecurity in small, medium and large organisations to better understand their attitudes toward attack surface risk management (ASRM).

The top three gaps in cyber-resilience revealed by respondents were:

Sufficient staffing for 24x7x365 cybersecurity coverage – which just 31% have

Attack surface management techniques to measure the risk of the attack surface (used by 32%)

Using proven regulatory and other frameworks like the NIST Cybersecurity Framework (only 34%)

The failure of UK companies to achieve these cybersecurity basics could be traced back to a lack of leadership and accountability at the top of the organisation. Half (48%) of global respondents claimed that their leadership doesn’t consider cybersecurity to be their responsibility. Just 17% disagreed strongly with that statement.

When asked who does or should hold responsibility for mitigating business risk, respondents returned a variety of answers, indicating a lack of clarity on reporting lines. Nearly a third (25%) of UK respondents said the buck stops with organisational IT teams.

This lack of clear direction on cybersecurity strategy may be why over half (54%) of UK respondents complained that their organisation’s attitude to cyber risk is inconsistent and varies from month to month.

Bharat Mistry, Technical Director at Trend Micro said: “A lack of clear leadership on cybersecurity can have a paralyzing effect on an organisation—leading to reactive, piecemeal and erratic decision making. Companies need CISOs to clearly communicate in terms of business risk to engage their boards. Ideally, they should have a single source of truth across the attack surface from which to share updates with the board, continually monitor risk, and automatically remediate issues for enhanced cyber-resilience.”

The leadership required to remediate these issues is not present in many organisations. Nearly all (94%) of those surveyed have concerns about their attack surface. Over one third (36%) are worried about having a way of discovering, assessing and mitigating high-risk areas, and 16%) aren’t able to work from a single source of truth.

Certification's true value lies beyond speed, focusing on continuous system improvement for genuine...
Supermicro expands its AI edge computing solutions with Intel's advanced technologies, aiming to...
One Identity sets new course as an independent entity, focusing on identity governance with its...
A surge in AI adoption results in increased security concerns across UK and US enterprises, despite...
N-able introduces Shadow AI Visibility to monitor AI tool usage, enhancing organisational security...
Vanquis integrates Freshservice to streamline service operations, marking a development in its...
Scality and OVHcloud partner to deliver a sovereign cloud platform tailored for European digital...
Perforce Software has introduced updates to its DevOps tech stack, adding new tools for AI...