More than 80 per cent of organisations fail to treat cybersecurity as seriously as they should and admit to operating with a limited resilience budget.
It’s just a year since a series of large-scale cybersecurity breaches and ongoing recriminations over state-sponsored interventions caused widespread disruption to government and corporate institutions across the UK and beyond. Now, new research has shown that 87 per cent of organisations are still failing to properly invest in the level of security and resilience they need.
A survey of more than 1,400 C-level cybersecurity and risk leaders from some of the world’s largest and most recognised organisations, with revenues ranging from less than $10 million to over $10 billion, examined some of the most urgent concerns about cybersecurity and the efforts being made to manage them.
It found 87 per cent of organisations operate with a limited budget to provide for the level of cybersecurity and resilience they require and 55 per cent don’t make protection an integral part of their overall business strategy and execution plans. Surprisingly, larger organisations (58 per cent) are more likely to fall short than smaller ones (54 per cent).
Just 8 per cent of those who took part in the latest EY Global Information Security Survey 2018-19 said they felt their current information security function fully meets their requirements, while 78 per cent of larger organisations and 65 per cent of smaller ones said theirs only partially met their needs.
However, there are signs of improvement as it appears cybersecurity is continuing to rise up the agenda at board level and budgets are increasing to deal with the increased risks.
Many organisations (77 per cent) are now seeking to move beyond basic cybersecurity protections toward fine-tuning their capabilities using advanced technologies like artificial intelligence, robotic process automation and analytics, among others.
These organisations are continuing to work on their cybersecurity essentials, but they are also rethinking their cybersecurity framework and architecture to support the business more effectively and efficiently.
All the organisations surveyed are going through digital transformation projects and are increasing their spending on emerging technologies. The study reveals cloud computing (52 per cent), cybersecurity analytics (38 per cent) and mobile computing (33 per cent) as the highest priorities for cybersecurity investment in emerging technologies this year.
Paul van Kessel, EY Global Advisory Cybersecurity Leader, said: “Organisations are increasingly investing in emerging technologies as part of their digital transformation programmes, and while these have created multiple new possibilities, they also create new vulnerabilities and threats.
“Organisations should be aware that building a level of trust with customers is critical to the success of their transformation programs. To build this trust, cybersecurity needs to be embedded in the DNA of the organisation, starting with making it an integral part of the business strategy.”
Remarkably, many organisations said they would be unlikely to step up their cybersecurity practices or spend more money unless they suffered some sort of breach or incident that caused very negative impacts.
The survey found the riskiest vulnerabilities are careless or unaware employees (34 per cent), outdated security controls (26 per cent), unauthorised access (13 per cent) and vulnerabilities related to cloud-computing use (10 per cent).
One of the biggest problems facing the vast majority of organisations (82 per cent) is that they are unclear about whether they are successfully identifying breaches and incidents.
Among organisations that have been hit by an incident over the past year, less than a third (31 per cent) said the compromise was discovered by their security centre.