Cybersecurity really matters to business leaders. They want to address cybersecurity, recognizing the benefits of doing so to their organization and society.
In fact, according to our new Risk:Value Report, 84% believe that strong cybersecurity will help their business, while 88% believe cybersecurity has a big role to play in society.
However, our report also shows that many businesses are failing to make progress.
Organizations have told us that their critical data is no more secure than it was last year. Fewer than half (48%) of all organizations say that all their critical data is secure. Worryingly, a third of respondents would rather pay a ransom to a hacker than invest more in security – the same figure as 2018, again showing a lack of progression.
You would think security budgets would have increased to reflect the growing demands on security teams, as well as the skills shortage that is hitting resource-strapped businesses, but sadly this is not the case.
The lack of progress among many companies is especially concerning, because cyber criminals are becoming more advanced. Hacking campaigns are becoming ever-more effective and they are causing more damage, with breaches and customer record exposures stretching into the hundreds of millions.
Among the many examples are the loss of up to 383 million customer records from Marriott Hotels (including over five million passport numbers) discovered in late 2018, and the exposure of 540 million Facebook customer accounts by third-party developers in 2019. Equifax was also downgraded by Moody’s in May 2018 after its cyber hack in 2017.
At the same time, the number of vulnerabilities identified and reported has increased to 16,555 in 2018 from 6,477 in 2016, according to data published in the 2019 Global Threat Intelligence Report (GTIR).
Companies don't know which way to turn and are caught in the headlights of increasing cyber threats. Unless companies move forward and carry out a comprehensive risk assessment, cyber criminals will take advantage of this paralysis and data breaches will continue to make headlines. The consequences of an attack will be bleak too.
In the same Risk:Value Report, it has been highlighted that the time spent on recovering from a breach is rising year on year, with an expected recovery time of 66 days – a like-for-like increase of nine days over 2018. The estimated revenue loss in percentage terms is also up year-on-year – 12.7% in 2019, compared to 10.3% in 2018 and 9.9% in 2017.
Organizations must act now to address their areas of weakness in cybersecurity. While it’s clear that decision makers see security as an enabler – and their awareness of the risks is high – organizations still lack the ability, or perhaps the will, to manage them effectively.
We need to see higher investment in areas like internal security policies and incident response plans, as well as an improvement in knowledge about regulations that affect companies. With an increasing skills shortage, you also need to identify those key internal resources and look to establish strong partnerships with Managed Security Services providers who focus on the key threats and compliance issues that affect your business. The bottom line? The design and execution of cybersecurity strategies must improve or business risk will escalate for the organizations concerned.
Download our 2019 Risk:Value Report here for more findings plus recommendations on how businesses can make progress with their cybersecurity.