The Institute of Directors and Barclays have announced in their latest report that more than a third of businesses lack a formal strategy against cyber attack.
Of the 845 Institute of Directors members, 95 per cent said they considered cyber security to be quite or very important to their business. Despite this, 40 per cent of businesses said they would not know who to report incidents of cyber crime to.
The survey, which was conducted in December 2016, surprisingly found that the number of businesses preparing themselves for cyber attacks had not increased since last year: only 56 per cent of companies said that they have a formal strategy in place to protect business devices and data.
It was also found that 39 per cent of respondents felt vulnerable to the threat of cyber crime on their work laptops and 57 per cent on their mobiles.
Given the number of high-profile attacks on the digital economy over the past year, it is alarming to see that many enterprises have not acted to increase cyber security awareness.
Cyber security experts from Cylance, Synopsys and Synack have given their thoughts on why there has been a lack of urgency shown by businesses.
Dr Anton Grashion, managing director – security practice at Cylance: “This new report from Barclays and the Institute of Directors clearly shows that there is a striking divide between executives’ awareness that information security is a critical concern and their businesses’ actual state of defence readiness. The ability to prevent malicious software from executing on every network endpoint is absolutely critical, yet it’s telling that 39 percent worry about the security of their mobile laptops. There is great reason to worry when the vast majority of businesses are reliant on twenty-year-old antivirus technologies as their executives tote their organisations’ intellectual property – the crown jewels, as it were – around on their travels. It’s high time for even smaller corporations to investigate the vastly more effective next-generation endpoint security technologies.”
Adam Brown, manager – security solutions at Synopsys: “In a recent survey at a global security conference, Synopsys found that 73% of top security professionals think it likely that their organisations will be hit with a major data breach in the next 12 months – but they won’t have enough time, money, or skilled staff to handle the crisis. Responses to cyber-attacks can be hard to address without experienced specialists on hand, so the challenge is more than just knowing who to report the incident to. Organisations need to be prepared for such breaches; furthermore, they should consider the process for dealing with product releases, compliance requirements.”
Anne-Marie Chun – industry analyst at Synack: “The onus is really on the security industry and security practitioners to educate the C-suite and board level, as well as product managers and asset owners, about the importance of security. There needs to be more accountability at the executive level. Until there is accountability, security will not become a priority and there will continue to be a lack of strategy.
We also need leadership from the very top – the government should take a leadership role in cybersecurity, since they have the greatest visibility into the threat and some of the most sophisticated cybersecurity capabilities. The government needs to work with commercial companies to develop a set of standards and best practices that guide how organisations not only respond to attacks, but also prevent attacks. A proactive approach to cyber defence is key to finding and remediating vulnerabilities before they are exploited and can also help mitigate the risk that a cyber attack poses to the business. In addition, the government should facilitate close collaboration between the public and private sectors – both sectors face the same threat and will be stronger together.”