Under cyber attack, EY’s 16th annual Global Information Security Survey, shows that cyber attacks around the world are increasing in volume and sophistication. Many organizations do not even know they are victims of cyber attacks.
The costs of these attacks to the organization – whether financial or reputational – can be staggering. For CFOs, information security needs to be a top priority in safeguarding their organization’s future.
EMEIA Cybersecurity - find out more
EMEIA Cybersecurity - find out more. [See a transcript of this video]
Threats are increasing.
Of the 1,900 organizations around the world surveyed for this study, 59% cite an increase in external threats in the last year. However, more companies have been compromised than realize it.
Companies are doing more, but not enough.
While 43% of respondents say their company has increased their budgets for information security, many information security professionals believe that they have insufficient resources to meet the threats they face.
The C-suite must be onboard.
To build the capacity to tackle the increase of cyber threats, executives must support their information security teams. Together they can put the investment and strategy in place. Just 1 in 10 of the organizations we surveyed currently has monthly cybersecurity briefings to the board.
Many have not aligned cybersecurity to risk.
Organizations need to align their cybersecurity strategy to their risk appetite and the overall risk environment. Sixty two percent we surveyed had not created this alignment.
Organizations should spend more on innovation
When it comes to cybersecurity, organizations need to spend less on operations and maintenance, and more on investigation and innovation. Currently, only 14% of cybersecurity spending goes on security innovation, despite the rapid evolution of hacking techniques.
New developments are going to mean new threats.
If companies spend too much time and resources dealing with threats to their current technology, they may find themselves exposed when the next wave of technological change comes. New developments, such as big data and “bring your own cloud,” and those further off, such as “in-memory computing” and the “Internet of Things,” must be considered now.
Cyber threats are changing.
Hackers are becoming more organized and sophisticated, and many recent cyber attacks have involved the electronic siphoning of funds. As well as posing a significant reputational risk, these kinds of attacks can invite greater regulatory scrutiny, which in turn increases organizational costs.
Cybersecurity must be a permanent focus.
Cyber criminals are constantly changing their methods to take advantage of new technologies and new weaknesses in corporations. Companies can never completely fix cybersecurity . Organizations must continue to focus on it, and aim to recognize and counter threats before they appear.