Alarming Statistics on Cybersecurity From New Survey
According to a recent post by Steve King, CEO of UberConnectForce, Inc. on peerlyst.com, “Failure to understand risk is crippling cybersecurity progress”. King cites the Global Information Security Survey for 2018-19 with 1,400 global participants. Among the findings with some comments:
- More than 77% of CIOs and CISOs believed their businesses spent more time reacting to cyber threats than preparing for them. (Playing catch-up with cyber criminals is poor strategy.) While organizations are spending more on cybersecurity, too few organizations have implemented even basic security.
- 77% of organizations are operating with limited cybersecurity and resilience, and 75% don’t have a clear picture of their most critical information and assets. (If you don’t know what’s most vital to protect, you won’t protect it.)
- 65% of organizations claim they need more funding. 76% of respondents said discovery of a breach causing damage would see greater spending; almost the same number said an attack that did not appear to cause harm would not get an increase. (In other words, they would only lock the barn after the horse is stolen. While psychologically a “near miss” can lead to a perception of security, in cybersecurity perception often differs from reality.)
- Only 17% of organizations report a list of breaches, and the same percentage of board members had sufficient knowledge of cybersecurity for effective oversight. The problem may be that IT professionals request funding based on vague probabilities, rather than a business case based on real life scenarios and risk analysis comparing benefits to increased exposures.
- 77% of respondents worry about poor user awareness, but only 15% of organizations have taken basic steps to protect against third party threats.
- 34% of organizations see careless or unaware employees as their biggest vulnerablility. Risks include mobile devices and “bring your own device” programs. (Educate, educate, educate.)
- 53% of organizations have no program, or an obsolete program, to identify, detect and respond to cyber threats.
Statistics from various sources illustrate the scope of cybersecurity threats:
- 6.4 billion fake emails are sent worldwide every day.
- Almost two billion records containing sensitive information were compromised between January 2017 and March 2018.
- 550 million phishing emails were sent in a single campaign in the first quarter of 2018.
- Average cost of a data breach is US $3.62 million.
King states that cyber risk management requires the same level of analysis as any other risk management process. IT professionals must learn to articulate how cyber security translates into dollars and cents and tie security to real life cases. In other words, CIOs and CISOs must learn to speak the language of CFOs if they are to have a meaningful impact on decision making.
The post concludes with a quote from George Bernard Shaw: “The single biggest problem in communication is the illusion that it has taken place”.