By Daniel Hunter
The majority of businesses and organisations are facing a rising threat of cyber attacks, but more than a third don't have the real-time insights needed to tackle cyber crime, according to EY’s annual Global Information Security survey, Get Ahead of Cybercrime.
EY found that the risk of cyber attacks is growing for 67% of organisations, and 37% of them don't have the tools to defend themselves against attacks.
Companies are lacking the agility, the budget and the skills to mitigate known vulnerabilities and successfully prepare for and address cybersecurity. Forty-three percent of respondents say that their organisation’s total information security budget will stay approximately the same in the coming 12 months despite increasing threats, which is only a marginal improvement to 2013 when 46% said budgets would not change.
Over half (53%) say that a lack of skilled resources is one of the main obstacles challenging their information security program and only 5% of responding companies have a threat intelligence team with dedicated analysts. These figures also represent no material difference to 2013, when 50% highlighted a lack of skilled resources and 4% said they had a threat intelligence team with dedicated analysts.
”Careless or unaware employees” is revealed as the number one vulnerability companies face, with 38% of respondents saying it is their first priority, and ”outdated information security controls or architecture” and “cloud computing use” are second and third respectively (35% and 17%). ”Stealing financial information,” “disrupting or defacing the organisation” and “stealing intellectual property or data” are the top three threats (28%, 25% and 20% respectively say it is their first priority).
Mark Brown, Executive Director of Cyber Security and Resilience at EY, says:
“Cyber-attacks have the potential to be far-reaching — not only financially, but also in terms of brand and reputation damage, the loss of competitive advantage and regulatory non-compliance. Organisations must undertake a journey from a reactive to a proactive posture, transforming themselves from easy targets for cybercriminals into more formidable adversaries.
“Too many organisations still fall short in mastering the foundational components of cybersecurity. The UK government has attempted to fill this void by introducing the Cyber Essential Scheme. However, today’s findings highlight that organisations are not taking the basic steps, such as setting up a security operations centre or putting in place an incident response plan, and this continues to be a major cause for concern. Within the UK, we would recommend organisations to engage with UK government backed initiatives such as Cyber information Sharing Partnership (CISP) and UK CERT as well as establishing internal capabilities to respond to this threat.”
You can tweet your reactions to @freshbusiness or email firstname.lastname@example.org
Join us on