SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
More C-suite engagement needed to mitigate cyber risk
Fri, 18th Feb 2022

Persistently low IT/C-suite engagement may imperil investments and expose organisations to increased cyber risk, according to new research from Trend Micro.

The research found more than 90% of the Australian IT and business decision makers surveyed expressed particular concern about ransomware attacks.

Despite widespread concern over spiralling threats, the study found that only around half (52%) of responding IT teams discuss cyber risks with the C-suite at least weekly.

"Vulnerabilities used to go months or even years before being exploited after their discovery," says Ashley Watkins, vice president, Trend Micro ANZ.

"Now it can be hours, or even sooner. More executives than ever understand that they have a responsibility to be informed, but they often feel overwhelmed by how rapidly the cybersecurity landscape evolves," says Watkins.

"IT leaders need to communicate with their board in such a way that they can understand where the organisation's risk is and how they can best manage it."

Fortunately, current investment in cyber initiatives is not critically low. Just over half (54%) of respondents claimed their organisation is spending most on cyber-attacks to mitigate business risk. This was the most popular answer, above more typical projects like digital transformation (38%) and workforce transformation (29%). Over half (54%) said they have recently increased investments to mitigate the risks of ransomware attacks and security breaches.

However, low C-suite engagement combined with increased investment suggests a tendency to throw money at the problem rather than develop an understanding of the cybersecurity challenges and invest appropriately. This approach may undermine more effective strategies and risk greater financial loss. Only 38% of business decision makers claimed concepts like cyber risk and cyber risk management were known extensively in their organisation.

Most (78%) want to hold more people in the organisation responsible for managing and mitigating these risks, which would help to drive an enterprise-wide culture of security by design. The largest group of respondents (49%) favoured holding CEOs responsible. Other non-IT roles cited by respondents included CFOs (22%) and CMOs (17%).

The study follows previous Trend Micro Research revealing a worrying cybersecurity disconnect between business and IT leaders perpetuated by self-censorship from cyber experts and disagreements over who is ultimately responsible.

Trend Micro commissioned Sapio Research to interview 5321 IT and business decision makers from enterprises with more than 250 employees across 26 countries.

Trend Micro, a global cybersecurity leader, helps make the world safe for exchanging digital information. Fuelled by decades of security expertise, global threat research, and continuous innovation, Trend Micro's cybersecurity platform protects hundreds of thousands of organisations and millions of individuals across clouds, networks, devices, and endpoints.

As a leader in cloud and enterprise cybersecurity, the platform delivers a powerful range of advanced threat defence techniques optimised for environments like AWS, Microsoft, and Google, and central visibility for better, faster detection and response.