Only one in three organizations is able to manage cybersecurity around the clock
Only one in three organizations can manage cybersecurity around the clock. Most companies also need more resources and top management support to be able to better intercept and mitigate threats to their infrastructure. This finding emerges from “Underfunded and unaccountable: How a lack of corporate leadership is hurting cybersecurity”, the latest research by Trend Micro. The study delves into executives’ attitudes towards attack surface risk management, highlighting gaps that could severely compromise organizations’ cyber resilience.
The research shows that only 36 per cent of the sample have sufficient staff to ensure 24/7 cybersecurity coverage. Only 35% use attack surface management techniques to measure attack surface risk. Only 34 per cent comply with proven frameworks, such as NIST. The inability of most companies to meet these basic security requirements may be related to a lack of leadership and responsibility of the organization’s top management. In fact, half (48 per cent) of the respondents said that business leaders do not consider cybersecurity their responsibility. When asked who has or should have responsibility for mitigating corporate risk, responses indicated a lack of clarity on guidelines. However, 31 per cent said that responsibility would lie with IT teams.
Absence of directions
The lack of clear direction on cybersecurity strategy may be the reason why more than half (54%) of the respondents complained about their organization’s attitude towards cyber risk, which they cited as inconsistent and varying over time. The lack of a clear cyber strategy can negatively affect an organization’s ability to make quick and consistent decisions. For this reason, it is essential that Chief Information Security Officers (CISOs) communicate cyber risks clearly, using all available tools and actively involving Boards of Directors.
To best address these challenges, companies should consider adopting an integrated solution. Such a solution should protect the entire attack surface and enable real-time risk monitoring and automated criticality management. This approach greatly strengthens the organization’s resilience. It is also crucial that the platform can be integrated with third-party solutions to ensure comprehensive protection and smoother security management. In fact, the study revealed that this is not the case in many organizations, and some 96 per cent of respondents have concerns about their attack surface. 36 per cent would like to find a way to discover, assess and mitigate high-risk areas, while 19 per cent are unable to work on a single source of truth.
Another study by Check Point Research describes how the lack of cybersecurity skills is becoming a critical issue for companies adopting the cloud, as highlighted by Check Point’s Cloud Security Report 2024. The rise of security incidents in the cloud, particularly data breaches, underlines the need for a more robust approach to cybersecurity.
Staff shortages
The shortage of qualified personnel and the lack of awareness among employees are significant obstacles. Despite the importance of training, many organizations do not consider it a priority, leaving their teams vulnerable to attacks. The shortage of experts in the field further compounds the problem, making it difficult for companies to defend themselves effectively. Furthermore, adopting emerging technologies such as AI and Machine Learning requires new skills that many organizations do not yet possess. 61 per cent experienced at least one security incident related to the use of the public cloud in the past year, a significant increase from 24 per cent in the previous year. Data breaches were the most common and can result in hefty fines and reputational damage. The upcoming NIS2 directive is likely to increase the impact of such breaches.
According to Check Point, the skills gap may hinder the adoption of these technologies and increase the risk of attacks. Check Point’s Cristiano Voschion emphasizes the importance of prioritizing cyber security prevention and training. Only 26 per cent organize monthly sessions dedicated to security, contributing to a skills gap and increased vulnerability to sophisticated cyber-attacks. Too many organizations do not believe prevention is feasible, but this mistake can have disastrous consequences. Check Point urges companies to re-evaluate their approach to security, investing in training, prevention and advanced solutions such as CloudGuard. Companies can protect their assets and reputation only by proactively addressing these challenges in an ever-changing threat landscape.