Italian companies under ransomware slap, 94% of IT managers sound the alarm According to a Trend Micro report, worldwide losses in the last 18 months amounted to over 4 billion dollars. Cybersecurity budgets are on the rise, but the skills gap in top management puts the resources invested at risk

16 Feb 2022 L. O.

Insufficient "dialogue" between IT managers and top management in companies. We need a reorganization capable of countering the boom in cyberattacks and enhancing investments in security. It emerges from a Trend Micro report that ransomware attacks in 2020 increased by 150% year on year with a doubling of the average amount of extortion. A trend that puts victim organizations at risk not only from a financial point of view but also from a reputational point of view: the average cost of a breach exceeds 4.2 million dollars, but the figure can reach higher levels if ransomware is involved. Index of topics • The scenario in Italy • Investments in cybersecurity increased • Poor "connection" between board and IT department The scenario in Italy In particular, in Italy 94% of Italian IT and business managers are particularly concerned about ransomware attacks, but despite this fear, only 63% of IT appointees discuss cyber risks with management at least once a week.

“It used to be months or even years before vulnerabilities were exploited following their discovery - explains Lisa Dolcini, Head of Marketing at Trend Micro Italia -. Now it can take hours or less. Managers understand that they have a responsibility to be informed, but they often feel overwhelmed by the speed with which the cybersecurity landscape evolves. IT managers must communicate with management to identify the risks that the organization runs, and how to best manage them ".

Investments in cybersecurity are up

"Fortunately - the report reads - current IT investments are not so low". 57% of the sample said their organization is investing more in cybersecurity to mitigate business risk. Security has surpassed more traditional areas such as digital transformation (56%) and the workforce (52%). About 45% of business leaders and 62% of IT leaders said they recently increased their investments to mitigate the risks of ransomware attacks and security breaches. However, low management engagement combined with increased investment suggests a tendency to spend more on problem solving rather than fully understanding cybersecurity challenges and investing appropriately. This approach, the report continues, “can damage the most effective strategies and risk generating greater financial losses”. Only 46% of respondents also stated that concepts such as "cyber risk" and "cyber risk management" are known in their organization. Finally, 74% would like more people to deal with risk management and mitigation and this would help promote a corporate-level culture of "security by design".

Poor "connection" between board and IT department

82% of IT decision makers felt compelled to minimize the severity of IT risks "for the benefit" of the board of directors. Almost a third say it is a constant pressure. The friction between top management and IT extends to the entire organization. Only one in two IT managers and 38% of business decision makers believe their management team fully understands IT risks. For 26% of IT leaders, this lack of understanding on the part of managers is due to insufficient effort and for 20% it is simply a refusal to understand.