That is why it is important for most organizations to continue to zero in on the very basics of cybersecurity. They should first:
- Identify the key data and intellectual property (the “crown jewels”)
- Review the cybersecurity capabilities, access-management processes and other defenses
- Upgrade the shield that protects the company.
2. Optimize cybersecurity
This year’s GISS suggests that 77% of organizations are now seeking to move beyond putting basic cybersecurity protections in place to fine-tuning their capabilities. These organizations are continuing to work on their cybersecurity essentials, but they are also rethinking their cybersecurity framework and architecture to support the business more effectively and efficiently. Part of that effort is considering and implementing artificial intelligence, robotic process automation, analytics and more to increase the security of their key assets and data.
At the moment, there is significant room for improvement. Fewer than 1 in 10 organizations say their information security function currently fully meets their needs — and many are worried that vital improvements are not yet under way. Smaller companies are more likely to be lagging behind. While 78% of larger organizations say their information security function is at least partially meeting their needs, that falls to just 65% among their smaller counterparts.
Cyber criminals are raising their game, and the price of failure is high. In one recent attack, an Indian bank lost 944 million rupees (US$13.5m) after hackers installed malware on its ATM server that enabled them to make fraudulent withdrawals from cash machines.8