A survey of 1,900 executives at clients of
the accountancy firm Ernst and Young found that almost all (96%) felt
“unprepared” for a cyberattack – due to budget cuts and lack of skilled
staff.
Constraints on budgets, at 69% and a perceived lack of skilled staff
at 66% were the biggest barriers to good security, according to a report
by IT Pro Portal.
“In addition to our survey, we interviewed a number of
senior executives representing organizations that in EY’s experience
demonstrate leading practices in addressing cyber risks,” the firm said
in its study.
Awareness of the dangers does appear to be rising – 70% of
organizations say that information security is now dealt with at
the”highest level”, and nearly half (43%) of firms have increased IT
security budgets, according to the report.
Mark Brown, the company’s director of information
security, said, “This year’s results show that while businesses are
faced with a rising number of security breaches, budget constraints and
talent shortages mean that they fail to put in place those systems that
match their needs.”
Two thirds of those surveyed felt that the number of security
incidents their organization faced had grown by 5% or more in the past
12 months. Around a third – 28% – suggested that the problem stemmed
partially from a lack of awareness among executives, according to WorkPlace Law.
Ernst and Young said in its report, “As many organizations
have learned, sometimes the hard way, cyber attacks are no longer a
matter of if, but when. Hackers are increasingly relentless and often
politically motivated.”
“Overall, 43% of survey respondents indicate that their
budgets are on the rise. Within the government and public sectors, some
respondents reported budget increases, but a majority indicate that
their budgets have stayed the same as last year. Small businesses with a
turnover of less than US$10m or businesses located in rapid-growth
markets report the highest increases as a percentage of their budgets.”
The report’s conclusion, though,
suggests more needs to be done, “Despite the efforts organizations have
made over the course of the last 12 months to improve their information
security programs, much more still needs to be done.Only 23% of
respondents rated security awareness and training as their number one
or two priority; 32% ranked it last. The only security area rated a
lower priority by more respondents was threat and vulnerability
management, an activity for which 31% of respondents had no program;
this is surprising, as without it organizations have little visibility
into where the cyber threats are and where a cyber attack may be coming
from.”
No comments:
Post a Comment