Security incidents high, confidence to manage them low. Really? We did see this coming – why aren’t we better prepared?
By Cameron Abbott and Olivia Coburn
RiskIQ, a US-based cyber security company, has reported that 40% of businesses surveyed in the US and the UK have experienced 5 or more significant security incidents in the past 12 months. Significant incidents include malware, targeted attacks, mobile exposures, rogue mobile apps, website or brand abuse, phishing and social impersonation.
RiskIQ, through IDG Connect, also surveyed the confidence of corporate decision-makers in their ability to handle and mitigate cyber threats. Their report, 2017 State of Enterprise Digital Defense Report, reveals that nearly two-thirds of respondents had no to modest confidence in their ability to manage digital threats.
Roughly the same amount of respondents also had no to modest confidence in their ability to address digital threats, including their ability to discover, investigate, asses the risk of threats and mitigate and prevent further threats.
The report revealed that 70% of respondents have no to modest confidence to reduce their “digital attack surface”, meaning all internet-facing assets connected to their business, including web servers, web and mobile apps, advertising and affiliate organisations.
The report also confirmed that most security threats originate from external actors, with internal business threats comprising only about a quarter of security breaches.
While respondents demonstrated an overall lack of confidence, at least they’re doing something about it: 44% of businesses surveyed intent to increase their IT security investment by up to 25%.
Great – so 44% are playing catch up and the rest aren’t even bothering. I feel so secure.