1. How has your business background influenced your approach to cybersecurity solutions and your understanding of the challenges faced by organisations?
My background has given me a firsthand perspective on the complexities of running a business in ‘normal’ circumstances, let alone in the current economic conditions. Businesses today face an even broader range of challenges, from macroeconomic pressures to supply chain disruptions. Compounded, all of this can make cybersecurity an incredibly tough challenge.
Cybercriminals are becoming more sophisticated and advanced in their approaches, and when they only need to exploit a vulnerability with a single successful attempt, while organisations must constantly be on guard, it can easily feel like an uphill battle.
Our recent study found that 76% of Australian tech leaders see cyber threats as the most financially impactful risk, yet just 55% believe their c-suite completely understands the magnitude of the risks. In today’s business landscape, it’s important to bridge the gap between cybersecurity and business strategy. In my role, my goal is to ensure tools and solutions fit seamlessly into existing frameworks, rather than forcing businesses to adapt to new, complex systems – so as not to add another challenge to the plate.
2. The Trend Micro Cyber Risk and Dividends Report highlights a significant disconnect between IT security leaders and the C-suite regarding the severity of cyber threats. What are the primary factors contributing to this gap?
The disconnect often arises because business leaders prioritise hard data, quantifiable insights, and market context directly related to their operations. Our research showed that many cybersecurity leaders feel pressure from the board because they are seen being repetitive or nagging (44%) and overly negative (41%) and find c-suite act only after experiencing a significant loss.
This significant disconnect is a classic case of “closing the barn door after the horses have bolted”. Effective cybersecurity must be seen as a support and enabler for innovation, not a hindrance. To bridge the gap, it’s important that security leaders work on articulating the risk landscape in business language that is quantifiable and specific to the organisation. Automating this process through AI can help minimise resource strain, ensuring that cybersecurity initiatives complement business goals rather than become an obstacle.
3.The report also indicated that many IT security leaders feel pressured to downplay cyber risks to their boards. What are the root causes of this pressure, and how can it be addressed?
Historically, cybersecurity professionals have gained a reputation for being overly cautious, focusing on what businesses shouldn’t do rather than how to innovate. This perception, combined with a general belief among some businesses that they are not prime targets, creates a scenario where security risks might be downplayed.
Our research has shown that senior executives can often avoid sounding alarm bells unless they see clear and quantifiable risk linked to business strategies. To tackle this, its important to improve communication through automated security risk management (ASRM) systems, board education, and simulation exercises. These can all support the necessary building of trust, to demonstrate how businesses can innovate safely without compromising security.
4. How do you see the Australian government’s role in enhancing cybersecurity for businesses?
The Australian government plays a crucial role in shaping cybersecurity for business through initiatives like the Cyber Security Strategy 2023-2030, Security of Critical Infrastructure Act (SOCI) and the latest Cyber security bill.
While standards and regulation are important, these can also be met with criticism and challenges for businesses. On one hand, new legislation aims to improve the security maturity of businesses, ensuring a higher standard across the board. However, this also creates compliance burdens that businesses need to manage.
Importantly, the government’s offensive actions, such as law enforcement takedowns of cybercriminal groups like Labhost and Lockbit, demonstrate a proactive stance. While these may seem like small wins, they have a disruptive effect on criminal networks. Through a collaborative approach to cyber legislation and policy, it is possible to actively work to create a safer digital environment for Australian businesses.
5. Given the increasing frequency and sophistication of cyber-attacks, how can businesses effectively prioritise cybersecurity investments and mitigate risks?
Effective communication between cybersecurity teams and the C-suite is essential to effectively prioritise investments. Platforms like ASRM can help by providing a common language for IT teams to discuss and address risks and prioritise risk reduction strategies across the organisation.
To get ahead as a business, adopting automation and zero trust principles are crucial, ensuring robust security without compromising flexibility. However, as many businesses are faced with shrinking cybersecurity budgets and resources, overarching cybersecurity platforms like Trend Micro’s Vision One are appealing as they offer strategic tools to enhance security efficiently. These systems streamline processes and enable businesses to implement essential safeguards without overwhelming their resources.
6.What specific trends and challenges do you foresee in the cybersecurity landscape over the next few years, and how do you plan to address them?
As businesses increasingly adopt AI to accelerate their operations, cybercriminals are also leveraging these technologies, making it harder to detect threats like deepfakes and sophisticated phishing scams. At the same time, we have also seen the significant impact IT outages can cause, such as the recent Crowdstrike event, even if they are not caused by a cyber-attack.
While the attack surface continues to expand, the fundamentals of cybersecurity remain the same—understanding and mitigating the most critical risks to the business. Addressing this growing complexity requires a collaborative approach. At Trend Micro, we offer a consolidated platform that integrates decades of automation and AI expertise, augmented by generative AI, to equip all enterprises with comprehensive security solutions. Our partnerships and solutions also allow businesses to outsource parts of their cybersecurity operations, ensuring they can scale without needing to build extensive in-house resources, effectively managing cyber risk with expert support.
With over two decades of AI/ML innovation, we are constantly anticipating and building solutions for emerging technology, to ensure security teams stay ahead with state-of-the-art cybersecurity solutions – whatever the future may bring.