Kaspersky Lab’s latest survey[1] shows a visible gap between the preventative measures IT Decision Makers from European organisations say their organisation takes and the actual measures – while 83% agree they do take precautions to help prevent cyberattacks, only 41% provide security training to all employees and only 53% think their organisation has robust security policies in place. A vast majority of IT Decision Makers also express their interest in finding out who was behind an attack, if their organisation is breached, with almost 80% agreeing they would like to know. The survey was conducted on behalf of Kaspersky Lab among IT Decision Makers from European organisations in six countries: Germany, UK, France, Italy, Spain, and Romania.
The gap between perception and reality
The fact that cybersecurity has won its place on the news agenda in recent years helps companies become more aware of the complex damage a cyberattack might inflict on them. According to our latest research, one-in-two IT Decision Makers (51%) would find it difficult to estimate total losses after a cyberattack, as they realise that the impact is widespread and includes reputational loss. The highest percentages were recorded in the UK (62%), followed by Spain (54%). At the same time, 57% of IT Decision Makers are aware that attackers constantly improve their tools and tactics, feeling that it is easy for cyber attackers to carry out their attacks without leaving any clues as to their identity.
According to the survey, when a cyberattack occurs, 79% of IT Decision Makers would like to know who was behind the attack. However, 68% of IT Decision Makers also feel that it is very rare that cyber attackers are caught and brought to justice.
However, when going into details, things change dramatically: although 53% of IT Decision Makers agree that their organisation has robust security policies in place, only four in ten European businesses (41%) provide cybersecurity training for all employees, with France and the UK each at about one third (33% France, 34% UK). Unfortunately, we have seen the huge difference between written and actual security policies often enough to know that establishing security policies without proper and regular training is practically useless.
The number of organisations that provide cybersecurity training to their IT teams is slightly higher than those providing training to all employees: 43% versus 41%. However, this is not enough, as previous research showed that almost half (46%) of cybersecurity incidents in 2017 were caused by employees – most of them working in non-IT departments.
More intelligence, better prepared to fight intruders
A positive aspect highlighted by the survey is that almost one third of European businesses resort to threat intelligence reports (30%), which suggests that more and more IT Decision Makers realise the importance of IT teams being able to count on high-quality threat intelligence in order to prepare the best incident response.
Commenting on the results of the survey, David Emm, principal security researcher at Kaspersky Lab, said: “Awareness regarding cyberthreats is a very basic step for organisations, as a key foundation for staying protected from cyberthreats. Our research has found that European organisations acknowledge cyber risks, but it is concerning that only one-in-10 European organisations still do not take any effective preventative measures against cyberattacks, possibly hoping that ‘maybe it won’t happen to us’.
“However, it has been proven time and time again, preventative measures and proper defence are far more affordable than the impact of a disastrous attack that can even mean the end of a business. Although when a cyberattack occurs businesses would like to know who’s behind it, unfortunately attribution is fraught with difficulties, so it’s therefore much more productive to invest in measures to reduce the risk of attack and mitigate any attack that does occur”.
Kaspersky Lab’s portfolio includes solutions and products for various business needs – be it enterprises, SMBs or VSBs – that cover robust endpoint protection, DDoS protection, advanced threat defense, hybrid cloud security and cybersecurity services, including Security Awareness training for employees. Furthermore, our threat intelligence service offers in-depth visibility into cyberthreats targeting organisations. To learn more about our solutions for companies of any size, please visit our website.
Kaspersky Lab’s Global Research and Analysis Team (GReAT) is an unrivalled team of talented security professionals mastering the art of uncovering advanced targeted attacks, major malware, ransomware, cyber-espionage campaigns and sneaky underground cybercriminals in order to make the world a safer place for organisations and individuals. GReAT has investigated hundreds of cyberattacks, helping organisations and law enforcement agencies to deal with incident impact, response and investigations. Cooperation between GReAT and law enforcement agencies led to cyber attackers being caught and brought to justice, one of the most famous cases being that of CoinVault. Find out more about GReAT here.