Survey: Cyber Complacency Growing
Despite an alarming increase in the frequency and severity of cyber attacks, enterprises large and small claim they are doing enough to mitigate the effects of a data breach.
New data released this week by market analyst Juniper Research indicates that a whopping 86 percent of U.K. enterprises responding to a recent survey believe they are doing enough to withstand a cyber attack. Of those, more than 80 percent of senior executives believe their IT infrastructure is secure.
High-profile cyber attacks on retailers along with a series of ransomware attacks on healthcare providers have undoubtedly raised awareness of the necessity for stronger cyber defenses. But cyber threats tend to evolve quickly, and more vendors are offering new capabilities that go beyond traditional firewalls and other steps to head off malware and other cyber attacks as they unfold.
Hence, some enterprises are attempting to be more proactive in how they defend IT infrastructure, especially cloud platforms. Meanwhile, a growing number of cyber vendors argue that security must be "baked in" to IT infrastructure. Nevertheless, the survey results released on Tuesday (Sept. 13) indicate that many may be letting down their guard.
"Increasingly, businesses are moving critical infrastructure online, making them more vulnerable to digital threats," London-based Juniper Research noted. "Despite increased concern and spend on cyber security over the last year, there is a high degree of complacency, with few common practices in response to this threat."
Part of the problem is bureaucratic: The survey found that responsibility for cyber security tends to be spread across organizations, with only about one-quarter of companies having a dedicated security executive. In most cases, respondents said security was not their department's responsibility.
That's a growing concern given the frequency and severity of attacks and growing financial incentives to launch cyber attacks. Half of respondents to the Juniper Research survey said they have attacked, with two-thirds of those attacks occurring within the past year. Of those, 29 percent resulted in data breaches,
"Our study shows that businesses believe they are far more secure than they really are," noted Windsor Holden of Juniper Research. "While no business can be completely safe nowadays, there are steps that companies can take to ensure they are as safe as possible, and can recover as quickly as possible in the event of a cyber attack.”
While the survey queried only British companies, about 200 in all, the results probably reflect overall trends since hackers make few distinctions about where their victims are located. Indeed, some of the highest profile cyber attacks have occurred in the U.S., prompting concerns that American companies are equally vulnerable.
Among the steps being taken by U.K. enterprises to prevent attacks are instituting company guidelines for security practices. Other steps include penetration tests to assess vulnerability to attack and monitoring company emails for phishing attacks that often fool recipients into clicking on attachments that, for example, could unleash malware.
However, only about one-quarter of respondents reported instituting such practices.