Belgian IT Managers Complain About Lack of Cybersecurity Leadership
Sixty percent of Belgian IT managers complain about their company's inability to develop a clear cybersecurity strategy, according to a new study by Trend Micro. But the issue is global, the company thinks: there is a lack of investment in securing corporate networks.
With a worldwide 10% increase in cyberattacks – Trend Micro blocked around 161 billion in 2023, as it claims – companies can't afford to be lax about their computer security. But that's exactly what's happening, the company warns in its new report, which surveyed 2,600 IT managers (including 100 Belgian ones).
According to Trend Micro, cyber threats to businesses are 'getting out of hand' as regulators claim. And the cybersecurity provider says companies haven't fully grasped this message.
No Priority
For example, 31% of Belgian respondents indicate a lack of Attack Surface Risk Management (ASRM) techniques to monitor the attack surface – the total collection of vulnerabilities or access points that malicious actors can exploit. Only 26% use tested regulatory and other frameworks such as the NIST Cybersecurity Framework. Sixty percent of Belgian IT managers complain about their company's inability to develop a clear cybersecurity strategy, and say their company's attitude towards cyber risks is inconsistent and changes monthly.
Only 36% of Belgian companies have enough IT staff to be busy with cybersecurity around the clock. More than half of the Belgian respondents – 53% – said their management does not consider cybersecurity part of its responsibilities.
Lack of Leadership
But the problem exists globally, says Trend Micro. Companies are unable to provide a basic level of cybersecurity on their own due to a lack of sufficient resources and support from governance to measure and contain computer security risks. There is a 'lack of leadership and sense of responsibility at the top of those organizations.'
And yet, IT managers do worry. In Belgium, 98% of respondents admit this. Nearly 40% are concerned about the method for identifying high-risk areas, assessing, and containing them, and a quarter say their company lacks a single source of information regarding cyber threats.
"A lack of clear leadership on cybersecurity can have paralyzing effects on a business and lead to reactive, fragmented, and capricious decision-making," Pieter Molen, Technical Director Benelux at Trend Micro, said in a press release. "Companies need a Chief Information Security Officer to translate cyber risks into business risks. Only then will they be able to engage the board's interest. If they want to increase their cybersecurity, they actually need a single source of information for the entire attack surface that keeps the board informed, monitors the risks, and solves problems on its own."