What’s wrong with organizations that don’t fully dive into cybersecurity -- as incomprehensible as that may seem -- asks a new risk assessment report by NTT Security.
It’s not that they don’t want to and it’s not that they don’t recognize how serious is cybersecurity and it’s not that they don’t understand that their organization can be stopped dead in its tracks by a hacker. Inertia is as much a problem as any, the report said. Many businesses are “paralyzed” in trying to address cyber risk issues and are steadily falling behind the hackers, whose capabilities continue to advance.
By NTT Security’s measure of good cybersecurity practices, as reflected in its Value Index, in 2019, the assessment remains at +3, an indication of no progress from last year. To put the figure in perspective, the measurement range is on a scale of -41 (worst) to +27 (best). The +3 score is barely above water among the 2,256 organizations surveyed worldwide for the report.
“Given the high levels of awareness of cyber risk and the willingness to address it, you’d expect companies to be making substantial progress. However, nothing could be further from the truth,” NTT said in its report, Risk:Value Report 2019, Why are organizations failing to make progress with cybersecurity? Destination standstill. (This title has to be a solid candidate for name of the year).
The vendor attributed the poor scores to several factors:
- 52% of organizations said their critical data is not fully secured.
- 58% have formal cybersecurity policies.
- 52% have incident response plans.
- 44% have suffered an information breach.
- 36% would rather pay a hacker’s ransom than be fined for non-compliance on data protection.
Here’s some more data from the study:
- Cybersecurity threats are top of mind for business leaders: cyber attacks (43 percent), data loss or theft (37 percent), and attacks on critical infrastructure (35 percent) – particularly telecoms and energy networks – are the biggest issues for businesses after the economy.
- Businesses want to do something about cybersecurity: More than half said strong cybersecurity is absolutely vital. In fact, 88% of respondents said that strong cybersecurity measures would benefit their organization.
- 48% of all organizations said that all their critical data is secure. 45% have secured all of their organization’s data.
- 43% of organizations lack the necessary skills and resources in house to cope with the number of cybersecurity threats.
- The biggest perceived weak link in an organization’s security is third parties such as contractors (34%), followed by the workforce as a whole at 32%. Management, along with partners and suppliers are third at 18%.
- 33% would rather pay a ransom to a hacker than invest in cybersecurity, because they considered it cheaper.
- A loss of customer confidence was the biggest concern about a security incident (52%), followed closely by damage to their brand or reputation (50%) and direct financial losses (39%).
- 48% of companies have a dedicated cyber insurance policy, and another 23% are in the process of getting one.