Content, Content

Study: Executives (Sort of) Admit Network Security Defeat

Two in three business executives don’t believe their organization’s network security is strong enough to defeat cyber hackers, a new study said.

Considering that roughly 70 percent of the top brass in Radware’s 2018 Executive Application and Network Security Report admitted that their company faced a ransom attack in the past year -- greater than a four-fold spike from the 16 percent that did so just two years ago -- the ground under their feet must feel pretty shaky. The survey’s participants included some heavy-hitters -- 232 senior-level executives from businesses worldwide of at least $250 million, with more than half at the C-suite rung of companies averaging 3,700 employees.

As a group, their network security trepidation carries well past ransom money. While the financial hit to businesses is nothing to sneeze at -- 53 percent of the respondents said they coughed up cash to cyber kidnappers last year, the first time in the five-year old survey’s history that figure has surpassed 50 percent -- a significant number also pointed to unhappy customers and eroding the reputation of their brand.

For example, 41 percent of executives said that their organization have been hit with legal action from disgruntled customers following a breach. Along those lines, the same percentage identified customer loss among their biggest concerns following a cyber attack and 34 percent worried about diminished brand reputation.

Here’s more topical data from the study:

Automation. 71 percent of executives reported redirecting network security spending to investments in automated security, signaling that complex networks and changing attack vectors are pushing companies to invest in automated and machine-learning security tools.

Hybrid clouds. 96 percent of the respondents said they’re very or somewhat concerned about network vulnerabilities created by using multiple clouds. With more than 90 percent dispersing their network across multiple public and private clouds -- most host roughly 50 percent of their business applications in the cloud -- their security risks increase.

Medley of attacks. Nearly 40 percent of executives reported having to fend off daily or weekly cyber attacks. Among the types of attacks, social engineering and ransomware were named by 38 percent of the participants, closely followed by malware at 37 percent, IoT botnet powered DDoS attacks at 35 percent and encrypted attacks at 35 percent. Of note, 41 percent of execs said they face legal challenges associated with decrypting traffic on their network.

Nation-state attacks. More than half of U.S. executives said nation-state threats have motivated them to upgrade their security, outpacing their counterparts in the EMEA and APAC regions. By comparison, 41 percent in EMEA have felt the push to improve security as have 30 percent in the APAC geography.

Peer pressure. Roughly 60 percent of executives said that attacks on peer companies influenced their decision to fortify network security. A similar percentage of respondents said infiltration into their own organizations had prompted changes in their security posture.

“A reactionary security strategy limits an organization’s ability to secure customer data, protect their brand’s reputation, and achieve business goals,” said Anna Convery-Pelletier, Radware’s CMO. “Investing in appropriate security solutions is no longer simply an IT expense, it is fundamental to a business’ long term success.”

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.