Some 89% of business decision makers (BDMs) acknowledge the link between business and cyber risk, according to new Trend Micro research. So far, so good you might think – especially in light of a recent World Economic Forum (WEF) report. Unfortunately not. The same study also finds that two-fifths (38%) view cybersecurity as a barrier rather than a business enabler.
Such legacy attitudes are both surprising and self-defeating. Surprising because we know BDMs appreciate first-hand how cyber can enhance new business pitches and improve talent acquisition. And disappointing because BDMs can ill afford to hold their businesses back like this at a time of economic crisis.
Siloed views make for poor decision making
Effective decision making lies at the heart of any successful business. But contradictory viewpoints on the value of cyber are not the stuff of confident, dynamic organisations. Yet that’s exactly what we found. On the one hand, 71% of global BDM respondents to our research say they’re being asked about security posture in negotiations with prospects and suppliers. And a fifth claim their own posture has already cost them new business. Yet just 57% see a “strong” or “very strong” connection between cybersecurity and client acquisition/satisfaction.
The same disconnect between lived experience and perception can be seen in the battle to attract and retain the brightest and best corporate talent. Nearly three-quarters (71%) of respondents claim the ability to work from anywhere has become vital to attracting talent. And 83% admit poor security policies have affected remote employees’ ability to do their jobs. Over half (54%) reveal that policies restrict what devices and platforms employees can choose to use, for example. Yetdespite this reality, just two-fifths understand the strong connection between cybersecurity and talent attraction (43%) and retention (42%).
The bottom line
In a downturn, organisations must focus ruthlessly on winning new business, keeping their most talented employees, and generating sustainable growth. But by failing to appreciate the strong connection between cyber and customer/talent acquisition, BDMs are actively undermining these efforts. According to the WEF, widespread cybercrime and insecurity are a top 10 global risk for the next two and 10 years.
It's time more business leaders understood how closely business and cyber risk are inter-related, and how managing the latter can help them drive resilience and growth for their organisation. The following may help:
- Identify your key assets, by calculating the business impact of potential loss, theft or service disruption
- Track and manage cyber risk across these assetscontinuously
- Report regularly to the board, articulating cyber risk in business terms
- Put in place a continuous cyber improvement programme
There’s no destination for effective cyber risk managementprogrammes. It’s a continuous approach which will evolve as business conditions, technology, and threat and regulatory landscapes change. But the bottom line is that BDMs need to join the dots more effectively between cyber and business risk. And security leaders could do more to speak the language of business.
We’ve been saying this for years. But the penny is now tantalisingly close to dropping in boardrooms across the globe. Click here for more on the research.