Trend Micro research shows that most companies around the world, including in Belgium, do not have enough resources to continuously monitor cyber risks. Management often does not take sufficient responsibility for cybersecurity.

Trend Micro surveyed 2,600 IT managers worldwide, including 100 Belgians, on their approach to attack surface management (ASRM). Only 36 percent of Belgian companies have sufficient staff to ensure continuous cybersecurity. In addition, 31 percent of companies lack a strategy for effective risk measurement and only 26 percent use frameworks such as the NIST Cybersecurity Framework.

Responsibility

Half of Belgian respondents say their management does not take responsibility for cybersecurity. In addition, there is uncertainty about who within the organization is responsible for limiting cyber risks. Almost a third of IT managers (29%) say this responsibility lies with their IT teams. As a result, the strategy in many companies changes regularly, leading to inconsistent policies, according to 60 percent of respondents.

“A lack of clear leadership in cybersecurity can have a paralyzing effect on a company and lead to reactive, fragmented and erratic decisions. Companies need a CISO (Chief Information Security Officer) who can turn cyber risks into business risks. This is the only way to attract the attention of the board,” says Pieter Molen, Technical Director Benelux at Trend Micro.