“Organisations now better prepared to predict and resist cyber attacks” asserts EY

Global organisations are now more confident than ever that they can predict and resist a sophisticated cyber attack, but at the same time they’re falling short in terms of investments and plans designed to recover from a breach in today’s expanding threat landscape. These are the key findings from a new study conducted by EY.

The annual Global Information Security Survey, entitled ‘Path to Cyber Resilience: Sense, Resist, React’, shows that half (50%) of those professionals surveyed said they could detect a sophisticated cyber attack – the highest level of confidence since 2013 – due to investments in cyber threat intelligence aimed at predicting what they can expect from an attack, continuous monitoring mechanisms, Security Operations Centres and active defence mechanisms. However, despite these investments, 86% of those surveyed believe their cyber security function doesn’t fully meet their organisation’s needs.

Paul van Kessel, EY’s global advisory cyber security leader, informed Risk UK: “Organisations have come a long way in preparing for a cyber breach, but as fast as they improve, cyber attackers come up with new tricks. On that basis, businesses need to sharpen their senses and upgrade resistance to attacks. They also need to think beyond just protection and security and focus on ‘cyber resilience’. In other words, an organisation-wide response that helps them prepare for and fully address these inevitable cyber security incidents. In the event of an attack, they need to have a plan in place, be prepared to repair the damage quickly and make sure the organisation’s back on its feet. If not, then they put their customers, employees, vendors and, ultimately, their own future at risk.”

This year’s survey also shows that respondents continue to cite the same key areas of concern for their cyber security, such as increased risks stemming from the actions of careless or unaware employees (55% compared with 44% in 2015) and unauthorised access to data (54% compared with 32% in 2015).

Obstacles to information security

Meanwhile, obstacles to organisations’ information security function are virtually unchanged from last year, including:

* budget constraints (61% compared with 62% in 2015)
* lack of skilled resources (56% compared with 57% in 2015)
* lack of executive awareness or support (32%, which is the same result as that recorded in 2015)

Despite the connected nature of today’s digital ecosystem, the survey finds that 62% of global organisations said it was unlikely they would increase their cyber security spending after a breach that didn’t appear to do any harm to their operations. Also, 58% of respondents stated it was unlikely they would increase their information security spending if a competitor was attacked, while 68% said it was unlikely they would increase their information security spending if a supplier was attacked.

In the event of an attack that definitely compromised data, almost half of the respondents (48%) wouldn’t notify customers who had been impacted within the first week of the incident having occurred. Overall, 42% of respondents don’t have an agreed communications strategy or plan in place in the event of a significant attack.

When it comes to devices, organisations are struggling with the number that are continuously being added to their digital ecosystem. Almost three-quarters (73%) of organisations surveyed are concerned about poor user awareness and behaviour around mobile devices, such as laptops, tablets and smart phones.

Half (50%) cited the loss of a smart device as a top risk associated with the growing use of mobile devices because it involves the loss of both information and identity.

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications)

Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute’s George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications’ dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.
