EY Survey Finds Businesses Consider Cybersecurity an Afterthought

At a time when many companies should be more concerned about their cybersecurity, a recent EY survey found that most are not treating it as a priority. The EY Global Information Security Survey (GISS) found several inconsistencies in businesses’ approach to cybersecurity. Only about one-third of respondents understood the need for cybersecurity at the planning stages of a new business initiative. With cyberattacks increasing each year, failing to treat cybersecurity as a significant concern may end badly for at least two-thirds of new businesses.

The Breakdown of Statistics

The study took into account the opinions of 1,300 cybersecurity leaders employed at organizations around the globe. Almost 60% of organizations suffered disruptive attacks over the last year. Organized crime groups (23% of reported attacks) and activists (21% of reported attacks) were responsible for the most malicious intrusions into corporate assets. Last year’s report found that only 12% of professionals considered activists a serious threat to business. As the risk increases, the need for new companies to employ cybersecurity also grows. The report found that as few as 36% of new technology-enabled companies considered cybersecurity at their earliest stages of development.

Moving Past Checklists

Kris Lovejoy, EY’s Global Cybersecurity Leader in Advisory, stated that even today, most companies treat cybersecurity as a checklist of items a company should implement to be safe. He thinks this is a misunderstanding of cybersecurity and suggests that businesses develop a more holistic approach to the issue. His solution is to advise companies to create a culture of security by design, with the Chief Information and Security Officer (CISO) acting in an advisory role rather than as the oversight manager most companies make of the position today. The report further found that most cybersecurity departments worked closely with departments such as legal, risk, audit, and IT, but had a larger disconnect with others such as marketing and R&D.