Cybercrime is at an all-time high. However, it seems investment of money, time and people to establish and manage necessary cybersecurity planning, implementation of related processes and policies, and the adoption and oversight of needed security technologies services isn’t.
Looking back, 2017 ended with over 5,000 breaches and more than 7.9 billion records exposed, says Risk Based Security’s The Year End Data Breach QuickView Report. Halfway into 2018 we’re on pace for another annual record of massive breaches and exposures given the growing list of incidents so far.
Another study, The 2018 Hiscox Cyber Readiness Report, finds that of the 4,100 executives, department heads and other pros overseeing cybersecurity surveyed only 11 percent are deemed “cyber experts” — a measure they base on security strategy and execution. These companies already have been proactive in bolstering their security postures and primarily are looking to increase spending on areas like awareness training. However, the lion’s share of respondents, some 70 percent, are labeled “cyber novices.” Despite that high number of seemingly ill-prepared organizations, 66 percent of the 4,100 pros participating in this specialist insurance provider’s survey indicate that cybersecurity threats, along with fraud, are top risks to their organizations. As such, next year more than half of the participants plan to increase cybersecurity budgets.
And, already, those “experts” apparently have been spending. Yet, the list of mega breaches publicly reported includes household names. Given their strong brands and revenues, their cybersecurity budgets likely were solid. They spent money, millions even, and got breached. So for mid-sized and smaller organizations bearing witnessing the question may come down to this: “Why spend more if I’m likely to get attacked anyway?”
On top of this, across companies large and small, the numbers of C-level executives truly concerned about cyberattacks, remain a bit unperturbed, or at least not so disconcerted that they’re markedly upping budgets on cybersecurity in comparison, to say, investment in various cloud services that offer the allure of cost-savings and clear efficiencies while introducing more security concerns. So, the question remains: How much spending on cybersecurity is enough? That’s the crux of the problem, but it’s one that needs more attention from the C-level. As we rely more heavily on an ever-growing number of internet-connected technologies, how can we better compete against cybercriminals advancing on our data assets, PII and IP? The World Economic Forum now ranks cyberattacks as one of its top five risks to global stability. The bad guys aren’t tiring. Neither can we.