Firms believe they need to spend more on cybersecurity, finds EY survey

Firms believe they need to spend more on cybersecurity, finds EY survey
3 Jul, 2018

Organisations today have become increasingly conscious of the threat posed by cybersecurity breaches. To this end, many have indicated that they need to allocate larger budgets towards cybersecurity, consulting firm EY stated in a survey report titled ‘Global Information Security Survey 2017-18’.

Citing The World Economic Forum, the report stated that by 2021, the global cost of cybersecurity breaches is estimated to touch $6 trillion.

According to the GISS 2018 survey, 87% of organisations said that they need to increase their cybersecurity budget by 50% more. About 76% of survey respondents said that such budgets would only be increased in the event of a breach that causes damage.

Besides budgets, organisations are increasingly fearful of careless or unaware employees who fail to abide by cybersecurity guidelines, the report stated.

About 77% of survey respondents believe that poor user awareness and behaviour that exposes them to risk through mobile devices pose a threat, while 50% think that losing devices, and as a result, information, are a cause for concern, the survey found.

Organisations are aware of the need to deploy resources to mitigate cyber risks. The survey found that 48% of respondents have taken action by reviewing their cybersecurity strategies or are about to reassess them.

Among the various threats that businesses face, the greatest threat they face is from their own employees and criminal organisations, the report stated.

Making employees more conscious of security measures and instilling password discipline is one way of tackling the cyber risks. The other, according to the survey, is to set up a security operations centre (SOC). This serves as a centralised hub where cybersecurity activities can be coordinated and structured. Though the survey pitted this as a solution, 48% of survey respondents did not have SOCs in place.

As the world becomes increasingly connected through networks and artificial intelligence capabilities develop at a rapid rate, the number of malware attacks is set to increase. A report in March this year by US network security company SonicWall stated that it identified nearly 9.32 billion malware attacks in 2017, an 18.4% rise from the previous year. It also found more than 12,500 common vulnerabilities and exposures last year.

“Our latest proprietary data and findings show a series of strategic attacks and countermeasures as the cyber arms race continues to escalate,” SonicWall’s chief executive Bill Conner had said.

Among the top cybersecurity risks for 2018 is the evolution of ransomware. According to cybersecurity analyst John Mason, the number of malicious apps rose from 500,000 in 2013 to 3.5 million in 2017. According to Mason, 77% of these malicious applications are malware. 

He also stated that most businesses do not give top priority to cybersecurity and do not have back up plans in place. Those that do have a recovery plan, use outdated methods, he added.