Most Businesses Lack Confidence In Ability To Overcome Cyberattacks

New research has revealed the scale of the challenge facing chief information security officers (CISOs) in today’s climate.

The research from Palo Alto Networks and IDC Research focused on how prepared organisations are against cyberattacks. And the findings are a little worrying.

The research for example found that many organisations still have a long way to go in their cyber resilience plans, with only 28 percent of CISOs regularly testing their recovery plans and just 40 percent of organisations feeling confident in their ability to overcome a cyberattack without major disruption.

Cyberattack resilience

This means that a majority of organisations are not confident in their ability to overcome cyberattacks, which is alarming considering the current threat levels facing most organisations and businesses nowadays.

It comes as research from insurance firm Aviva last month found that one in five UK businesses have experienced a cyberattack or incident in the last year.

Digging down into the Palo Alto Networks research, it revealed that only 38 percent of CISOs across EMEA (Europe, Middle East, and Africa) believe their cyber resilience state is mature.

When this is expanded across EMEA and LATAM (Latin America), the research found that just 28 percent of CISOs regularly test their recovery plans and 40 percent of organisations feel confident in their ability to overcome a cyberattack without major disruption.

Surprisingly, just 21 percent of CISOs in the banking, financial services and insurance industry regularly test recovery plans, which is one of the lowest rates across verticals, despite it being one of the most heavily regulated sectors.

Skills shortage

But it is clear that CISOs have a difficult task dealing with the current threat landscape.

CISOs are having to cope with a persistent talent shortage. Indeed, a lack of emerging security technology skills ranks as the top challenges in achieving cyber resilience, both cited by 70 percent of respondents, followed by lack of correlation across multiple point products (52 percent).

The research show how, despite 78 percent of organisations in EMEA and LATAM acknowledging the significance of cyber resilience, fragmentation and demand for resources are preventing aspirations from aligning with reality.

“Despite moderate maturity levels across EMEA and LATAM, it’s surprising how few CISOs are equipped to regularly test their recovery plans,” said Haider Pasha, chief security officer, EMEA & LATAM, at Palo Alto Networks.

“But CISOs face an uphill battle,” said Pasha. “On the one hand, geopolitical events and supply chain disruption are adding to the threat level, while on the other hand, a shortage of talent and relevant expertise all make implementing solutions and preparing to counter future attacks ever more challenging.”

Regional differences

The Palo Alto Networks research uncovered surprisingly few differences between markets in Europe, Latin America and the Middle East.

It showed a consensus that cyber resilience is mission-critical for businesses. Markets where cyber resilience is the biggest priority include the Kingdom of Saudi Arabia (48 percent of respondents), Spain (44 percent), Brazil (43 percent) and France (42 percent).

Some European markets, including Germany and the UK, are less likely to consider it a business priority.

Alongside fragmentation, the research highlights a number of technology challenges. Using mature cybersecurity controls for cyber resilience stands at just 11 percent with some EMEA countries rating it as low as 0-5 percent, and most rely heavily on business continuity plans (74 percent), disaster recovery plans (72 percent), ransomware recovery plans (54 percent) and crisis management strategies (51 percent).

“What’s clear is that many organisations don’t yet have the resources and confidence to implement a cyber-resilient tech stack designed to prevent attacks,” said Haider Pasha. “Instead, they have to rely heavily on tactics such as disaster recovery, which are designed to respond to incidents, rather than plan for them. The lack of visibility into the impact of threats and the focus on resolution is leaving organisations exposed to more threats and unable to plan for future risks.”

Management backing

The research also indicated the necessity of the backing of senior management, ahead regulatory pressures, in order to improve an organisation’s cyber resilience.

The research found that 72 percent of respondents said board members are a primary driver of the organisation’s focus on cyber resilience, higher than regulatory imperatives (70 percent).

“A clear commitment from senior management to create and maintain clear cybersecurity policies and measure impact, as well as empower middle management to make faster decisions, is vital, said Haider Pasha.

“Without it, the onus is put on cybersecurity teams to react to incidents, instead of training the company to develop better postures.”

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago