Digital Security | App security

Is Trust the Hidden Enemy of Effective Cyber Defense?

Cyber threats have been presumed as the primary challenge for businesses. However, a surprising culprit has emerged as a barrier to resilient cyber defense—a lack of trust. The implications of this pervasive issue have been brought to light by a sweeping global study examining the state of cyber defense.

The report, entitled "State of Cyber Defense 2023: The False-Positive of Trust," surveyed 1,000 senior IT security decision-makers across eight international markets, including Hong Kong. Commissioned by Kroll, a risk and financial advisory solutions company, the study seeks to comprehend the current cyber defense and organizational trust levels.

Around 95% of information security decision-makers confessed they do not feel senior leadership trusts them enough to protect their organizations from threats, highlighting a worrying level of mistrust. As a result, companies are struggling to formulate efficient cyberdefense strategies and address cybersecurity challenges effectively.

Regtech to Solve Aussie Bank "trust deficit"

Interestingly, the report uncovers the impact of trust on the strategic actions of organizations. In Hong Kong, nearly half of the companies indicated that over-stretched business or financial targets erode trust, consequently obstructing the establishment of robust cyber defense. Meanwhile, poor communication was the most commonly cited reason for losing trust globally.

“Trust is imperative to navigate the current threat landscape. There needs to be trust in teams, trust in technology, trust in intelligence sources, and with suppliers," stressed James McLeary, managing director and global lead of cyber risk advisory at Kroll. “However, there is a critical balance to be made on how much and where that trust should be placed."

Trust extends to how organizations view their cyber defense tools and personnel. Respondents demonstrated a higher level of trust in their employees to prevent cyberattacks than in cybersecurity alerts, tools, and threat intelligence data. This overreliance on human judgment over data could result in pitfalls in maintaining cyber vigilance.

The study also reveals a shocking gap in cyber insurance coverage. A mere 23% of companies benefit from specific cybersecurity insurance coverage. This exposes a glaring risk, especially given the prevalence of cyber incidents in the past year.

“To become fully cyber resilient, organizations need to continually assess their cybersecurity risk posture and ensure it is not only all-encompassing and holistic but appropriate in an ever-changing world," advised Lester Lim, associate managing director of Cyber Risk, Kroll.

This report exposes how misplaced trust has wide-ranging impacts on how businesses deal with cybersecurity. The key takeaway is clear—trust is critical, but only when placed in the right areas. Organizations must rebalance their trust and invest in a blend of technology, insurance, and informed strategy to safeguard against cyber threats.

Image credit: iStockphoto/Deagreez