Cyber Attacks Are Daily Reality, Admit Executives
Dire threat landscape…corporate executives admit cyberattacks occur daily or weekly
A new report has provided fresh insight into the daily threats from cyberattackers faced by businesses.
The report from IT services giant Accenture revealed that nearly two-thirds (63 percent) of c-suite executives admit that “significant cyberattacks” occur daily or weekly.
Not When, If
This adds to the depressing picture of the security threat landscape currently facing industry executives. And despite that alarming stat, only 25 percent of respondents said their organisations always incorporates security measures into the design of their tech and operating models to make them more resilient.
The report surveyed 959 executives; 88 percent of whom believe their cyber defence strategy is robust, understood and fully functional. This confidence in their cyber defences is helped by the admission that 86 percent measure their resilience to determine what improvements are needed.
But, the survey also exposed some gaps in the overall corporate effort to improve business resilience from cyber threats. Only nine percent of executives said their company proactively runs inward-directed attacks and intentional failures to test their systems on a continuous basis.
Just over half (53 percent) of respondents said their company has a continuity plan that they refresh as needed.
But security still struggles to gain recognition in the IT sphere. Just 49 percent of executives map and prioritise security, as well as operational and failure scenarios. To make matters worse, even fewer (45 percent) have produced threat models to existing and planned business operations to enable rapid responses to an attack or system failure.
And only 38 percent of the executives said their companies had thoroughly documented the relationships between their technology and operational assets to identify resilience risks and dependencies in their organisation.
“Given the prevalence of cyberattacks on today’s companies and government organisations, the only question for most is when a cyberattack will occur, not if it will occur,” said Brian Walker, MD at Accenture Technology Strategy.
“While savvy executives know where their weak spots are, and work across the C-suite to prepare accordingly, testing systems, planning for various scenarios, and producing response and continuity plans that guide quick actions when a breach occurs, the data clearly shows that companies by and large have more work to do,” said Walker.
The report points out that successful enterprises recognise that responsibility for resilience and agility does not just fall to the CIO, chief information security officer (CISO) or chief risk officer. It must also involve the senior management team.
Indeed, earlier this year, a KPMG study revealed that communication between a company’s board is the biggest hurdle to overcome regarding cybersafety.
“To enable and protect the company, CEOs should work closely with their CIO, CISO and others across their leadership team as well as their board of directors, to make decisions about investments, and advance their business continuity efforts,” said Walker. “They cannot prevent an attack or failure, but they can mitigate the damage it can cause by taking steps to make their business more resilient, agile and fault-tolerant.”
What To Do
Companies are strongly advised to buddy up with similar companies and “create a digital ecosystem that enables them to team with other enterprises, augment their digital capabilities and access innovative technologies that reside outside the enterprise.”
Companies should also simplify their IT architecture and manage their assets digitally. They should also “institutionalize resilience by making it part of the operating model”.
Earlier this month executives from organisations maintaining critical infrastructure said that the government has to have a role in protecting such systems. That Intel Security study found that 86 percent of respondents felt cooperation between the public and private sectors was “critical” to protecting cyber infrastructure.
A previous study warned that financial institutions are seeing increased cyber-security threat levels and are planning to increase security spending as a result.
Are you a security pro? Try our quiz!