A new study called “The Cybersecurity Imperative” explores the cybersecurity practices and initiatives of global organizations, providing insight into the current cyber landscape and that of the next few years, the Security Industry Association (SIA) reports. The study was conducted by ESI ThoughtLab, together with research partner the Wall Street Journal’s WSJ Pro Cybersecurity and a cross-industry coalition. It covered 1300 companies on a global scale, and its key finding is that those whose cybersecurity practices do not keep pace with their digital transformation initiatives are more likely to see $1 million or more in losses from cyberattacks.

As companies constantly embrace new technologies and adopt open platforms in their work, cybersecurity threats rise in parallel. “The Cybersecurity Imperative” reveals that at the moment companies suffer most from malware (81%); phishing takes second place with 64%, and ransomware is last, although still at a significant 63%.

However, researchers found that the predictions for the next two years are different. Massive growth is expected in attacks through partners, customers and vendors, at a staggering 247%. Expected growth in attacks affecting supply chains is 146%, followed by denial of service (+144%), apps (+85%) and embedded systems (+84%).

“Companies need to make sure that their cybersecurity programs keep pace with their digital transformation effort. Cybersecurity should not be an afterthought. It needs to be integrated into the fabric of an organization’s growth strategy.”

– Lou Celi, CEO of ESI ThoughtLab and director of the study.

Another interesting finding is that what exposes a company to cybersecurity threats is its general staff, who in most cases are not well trained in how to avoid attacks. The proportion of that risk is estimated at 87%, while unsophisticated hackers are cited as a threat by 59% of firms, cybercriminals by 57% and social engineers by 44%.

57% of the survey respondents think data sharing with partners and vendors is the main IT vulnerability of their workplace. Nonetheless, only 17% of them report putting in effort and allocating budget for staff training on cybersecurity awareness.

The study also explored companies' investment plans for cybersecurity. A rise of 7% is expected this year, and of 14% in 2019. On average, companies with revenue between $250 million and $1 billion will spend $2.9 million next year; those with $1-5 billion, $5.7 million; those with $5-$20 billion, $10.7 million; and those with $20+ billion, $16.8 million.

For the time being, companies use a variety of technologies to improve cybersecurity:

  • multi-factor authentication (90%)
  • blockchain (68%)
  • Internet of Things (62%)
  • artificial intelligence (AI) (44%)

One of the positive predictions in the study is that as corporate cybersecurity systems mature, the probability of costly cyberattacks declines. Cybersecurity beginners have a 21.1% probability of cyberattacks generating over $1 million in losses, versus 16.1% for intermediates and 15.6% for leaders. The costs of cyberattacks also decrease as cybersecurity matures.

Photo: Security Industry Association