Do companies take cybersecurity seriously enough?
JOHANNESBURG – The hard truth that companies must face is that there is no way that cybersecurity risk can be fully eliminated. On the other hand, there are steps that organisations can take to prevent many attacks or mitigate the consequences if any such attacks occur.
A recent survey by Microsoft and Marsh provides some valuable insights into how businesses perceive some of these challenges.
While 79 percent of respondents to the study, called the 2019 Global Cyber Risk Perception Survey, have made cybersecurity their top-tier priority, they are quite unsure how best to address the issue.
In addition, the study – which canvassed views from 1 500 business leaders across the globe – shows that almost a quarter of the companies asked had “no confidence” in responding to and recovering from cyberattacks.
The general decline in confidence from the 2017 edition of the same survey affects other key areas of cyber-resilience, such as preventing cyberthreats or even assessing and understanding them.
Companies that aim to keep up with the ever-evolving world also need to adopt new technologies. That said, they often lack confidence in their ability to secure these technologies, which can handicap them in such endeavours.
A total of 74 percent of organisations evaluate risks in some way prior to adopting new technology, while 54 percent assess them after adoption. While that might sound reassuring to a certain extent, the reality is a bit different, as only 36 percent of the organisations asked evaluate the risks both before and after the adoption of new technologies.
A mere 5 percent evaluate risks at all stages, whereas 11 percent don’t evaluate them at all.
It is no surprise, then, that the potential risks involved may dissuade some organisations from adopting emerging technologies, the reason being that the risks outweigh the potential benefits. According to the survey, that happens in 23 percent of the cases.
Then there is the issue of trust between companies and third-party providers.
Certain levels of trust among these parties are indeed standard, with 32 percent of the survey’s participants claiming to trust the vendors to take the necessary steps to secure their products.
On the other hand, 40 percent of the respondents are proponents of the trust-but-verify approach where they do not accept the security claims of the providers. Instead, they always take the necessary precautions and conduct their own due diligence.
Even though more and more companies are starting to approach cybersecurity as a top-tier issue, there is still a great disparity between how cybersecurity is perceived and how it is approached in practice.
The numbers mentioned above provide a narrative where a large percentage of companies are not sure about how to deal with cybersecurity, and we can go as far as saying that many of them underestimate it.
By extension, it can be safely assumed that many organisations across the world have yet to ensure they’re well-equipped to counter the growing cybersecurity threats.
Carey van Vlaanderen is the chief executive of ESET South Africa.