A new research report by CSI looking into the top concerns of cyber security decision makers finds that 78% believe the current cost-of-living crisis will increase the risk of a cyber threat occurring in their organisation. This finding was especially prevalent in the healthcare (84%) and financial services (86%) sectors.
The survey, conducted by Sapio Research on behalf of CSI among 252 senior cybersecurity decision makers working in companies employing 250+ people, showed that 93% of those surveyed are currently being kept awake at night worrying about organisational security issues. The top three issues reported were lack of cyber security skills within the organisation (30%), limited resources within the IT team (29%) and old IT infrastructure (27%). 25% of cyber security decision makers were also worried about third party suppliers leaving them vulnerable to a cyber-attack.
Leyton Jefferies, Head of Cyber Security Services, CSI, comments: “The cost-of-living crisis is very attractive for threat actors looking to prey on victims who may be more vulnerable than normal. Criminal opportunists understand that resources are increasingly being squeezed and constrained and employees may be less diligent about clicking on links. Unfortunately, it presents the perfect landscape for them to thrive. The paranoia in the healthcare and financial services sectors may be due to recent high-profile breaches and a greater understanding of the power of the data that they hold. Of course, the positive that we can take away from this is the level of awareness and an obvious reluctance to brush off the perceived risk. Cyber security decision makers appear to be going into this recession with their eyes wide open.”
Nick Westall, CTO, CSI, explains, “While the level of security concern exhibited by cyber security decision makers may be justified, operationalising this mentality across the whole organisation will be one of the biggest factors to tackle this year. Effective cyber hygiene relies on fostering a zero-trust culture which assumes that every user and device accessing a network is a potential threat. To make this happen, involvement across the C-Suite is needed to ensure that cyber security investments are worthwhile and effective, and that security training is implemented at every level.”
For respondents in the healthcare sector, a lack of budget was a top concern (30%). This is particularly worrying for an industry where the perceived risk is higher.
But one of the reasons why this was not a top worry of other sectors may be down to a greater understanding of the cyber security challenge at board level. Gartner recently found that 88% of boards now regard cyber security as a business risk rather than solely an IT problem.
However, this acceptance of responsibility isn’t true in all cases. CSI research found that almost 1 in 3 (28%) of those in larger organisations (10,000+ employees) say the board don’t take cyber security seriously enough, demonstrating that more collaboration is required.