A recent survey shows a visible gap between the preventative measures that IT decision makers from European organisations say their organisations take and the measures actually in place.
While 83% agree they do take precautions to help prevent cyberattacks, only 41% provide security training to all employees and only 53% think their organisation has robust security policies in place. A vast majority of IT decision makers also express their interest in finding out who was behind an attack, if their organisation is breached, with almost 80% agreeing they would like to know. The survey was conducted on behalf of Kaspersky Lab among IT decision makers from European organisations in six countries: Germany, UK, France, Italy, Spain, and Romania.
The fact that cybersecurity has won its place on the news agenda in recent years has helped companies become more aware of the complex damage a cyberattack might cause. According to our latest research, one-in-two IT decision makers (51%) would find it difficult to estimate total losses after a cyberattack, as they realise that the impact is widespread and includes reputational loss. The highest percentages were recorded in the UK (62%), followed by Spain (54%). At the same time, 57% of IT decision makers are aware that attackers constantly improve their tools and tactics, feeling that it is easy for cyber-attackers to carry out their attacks without leaving any clues as to their identity.
According to the survey, when a cyberattack occurs, 79% of IT decision makers would like to know who was behind the attack. However, 68% of IT decision makers also feel that it is very rare that cyber-attackers are caught and brought to justice.
However, when looking closer at the findings, things change dramatically: although 53% of IT decision makers agree that their organisation has robust security policies in place, only four in ten European businesses (41%) provide cybersecurity training for all employees, with France and the UK at around one third (33% in France, 34% in the UK). Unfortunately, we have seen the huge difference between written and actual security policies often enough to know that establishing security policies without proper and regular training is practically useless.
The number of organisations that provide cybersecurity training to their IT teams is slightly higher than the number providing training to all employees: 43% versus 41%. However, this is not enough, as previous research showed that almost half (46%) of cybersecurity incidents in 2017 were caused by employees, most of them working in non-IT departments.
More intelligence, better prepared to fight intruders
A positive aspect highlighted by the survey is that almost one third of European businesses (30%) resort to threat intelligence reports, which suggests that more and more IT decision makers realise the importance of IT teams being able to count on high-quality threat intelligence in order to prepare the best incident response.
Commenting on the results of the survey, David Emm, principal security researcher at Kaspersky Lab, said: “Awareness regarding cyberthreats is a very basic step for organisations, as a key foundation for staying protected from cyberthreats. Our research has found that European organisations acknowledge cyber risks, but it is concerning that only one-in-10 European organisations still do not take any effective preventative measures against cyberattacks, possibly hoping that ‘maybe it won’t happen to us’.
“However, it has been proven time and time again, preventative measures and proper defence are far more affordable than the impact of a disastrous attack that can even mean the end of a business. Although when a cyberattack occurs businesses would like to know who’s behind it, unfortunately attribution is fraught with difficulties, so it’s therefore much more productive to invest in measures to reduce the risk of attack and mitigate any attack that does occur”.