Companies Boost Budgets to Fight Evolving Cyberattacks

Loading...
Loading...

PHILADELPHIA, July 10, 2019 /PRNewswire-PRWeb/ -- Companies worldwide expect to boost their cybersecurity investments by 34% in the next fiscal year, after raising them by 17% the previous year, according to a just-released study covering 467 firms across industries and based in 17 countries. About 12% of companies surveyed plan to bolster their cybersecurity investments by over 50%.

These increases come in the face of growing annual losses from cyberattacks, which for companies surveyed averaged $4.7 million in the last fiscal year—with more than one in ten firms losing over $10 million. That average loss equates to 0.114% of revenue across all firms surveyed. Losses are more severe for mid-sized companies than for large and very large companies, which have already taken greater action to secure their businesses.

Many executives believe that their cybersecurity investments are paying off. Firms report a decline in the impact from untrained staff, social engineers, and unsophisticated hackers over the last nine months. ESI ThoughtLab's survey shows that the impact of cyberattacks from malware, phishing, and mobile phone apps also decreased over that period. Yet the escalation in overall reported cyber losses highlights that cybersecurity is an ever-evolving struggle, as hackers target not just individual companies but whole industries, searching for any vulnerability.

Although the impact from certain types of attacks has fallen, the survey shows a rise in others, such as incursions through company supply chains and ecosystems. "This is an example of what we call the 'balloon effect' in cybersecurity, where squeezing down on risks in one place causes others to appear elsewhere," said Lou Celi, ESI ThoughtLab's chief executive officer. "Thanks to improved cybersecurity, companies are more effectively mitigating risks from unintentional and less sophisticated threat actors, but more advanced adversaries are still finding a way in."

The research shows that to combat evolving risks, companies need to take a proactive, multi-layered defense. Firms are responding by allocating the biggest share of their budgets to technology, while seeking the right balance between investments in people and process. They are also focusing more on risk identification to address emerging vulnerabilities and are investing more in resilience to ensure they can respond quickly to successful attacks.

Other calls to action from the study include:

Make sure you are investing enough in cybersecurity. Some industries, such as media and consumer markets, are allocating less and may be more exposed to cyber risks.

Think of cybersecurity like any other existential threat to your business. The risks are not just about privacy, liability, and stealing data; they also can create huge operational risks if business is interrupted and can have reputational impacts that can hurt market positions.

Pay attention to risks from partners and your supply chain. As firms draw on ecosystems of third parties to drive digital transformation, they increase their vulnerabilities to cyber risks.

Be aware that legal and regulatory risks are also rising substantially. Companies that do not comply with new standards face hefty penalties and legal consequences.

Implement rigorous incident training. To do so, put key stakeholders through a strong scenario exercise to prepare them for events when they occur, and to plan on how to respond quickly.

Measure your full losses, costs, and returns. When hit by a successful cyberattack, you need to understand all your costs—direct and indirect, tangible and intangible.

ESI ThoughtLab and WSJ Pro Cybersecurity carried out the survey in the spring of 2019 as part of a global research initiative titled The Cybersecurity Imperative. The current survey is a follow-up to a more comprehensive survey of 1,300 companies conducted in the fall of 2018. The latest survey was developed to track how executives' investments, plans, and perspectives have changed over the last nine months. Download an executive summary of the results by visiting: https://econsultsolutions.com/esi-thoughtlab/cybersecurity-imperative-2018/

The Cybersecurity Imperative program was conducted with a coalition of leading organizations with expertise across the cybersecurity space, including Baker McKenzie, CyberCube, HP, KnowBe4, Opus, Protiviti, the Security Industry Association, and Willis Towers Watson. Each organization is an expert in its own field and provided valuable insights to help guide our research methodology and scope.

About our research coalition

ESI ThoughtLab is the thought leadership arm of Econsult Solutions Inc., a leading economic consultancy. The innovative think tank offers fresh ideas and evidence-based analysis to help business and government leaders understand and respond to economic, industry and technological shifts around the world. Its team of top economists and analysts excel at applying economics to understand the impact of technology on the world.

WSJ Pro Cybersecurity is designed to help executives monitor the ever-changing landscape of cybersecurity through a business lens. Our dedicated team delivers unique, actionable insight on the wide-ranging challenges of cybercrime risk.

Loading...
Loading...

Baker McKenzie helps clients overcome the challenges of competing in the global economy. We solve complex legal problems across borders and practice areas. Our unique culture, developed over 65 years, enables our 13,000 people to understand local markets and navigate multiple jurisdictions, working together as trusted colleagues and friends to instill confidence in our clients.

CyberCube delivers data-driven cyber analytics built specifically for the insurance industry. CyberCube is focused on solving the most difficult and important cyber risk challenges in insurance with world-class analytics. CyberCube offers a software-as-a-service platform for cyber risk aggregation modeling and insurance underwriting. The CyberCube platform was established in 2015 by Symantec and now operates as a standalone company with continued access to Symantec data and resources.

HP Inc. creates technology that makes life better for everyone, everywhere. Through our portfolio of printers, PCs, mobile devices, solutions, and services, we engineer experiences that amaze. More information about HP Inc. is available at http://www.hp.com.

KnowBe4 is the world's largest security awareness training and simulated phishing platform that helps you manage the ongoing problem of social engineering. The KnowBe4 platform is user-friendly and intuitive. It was built to scale for busy security leaders and IT pros that have 16 other fires to put out. Our goal was to design the most powerful, cost effective, and easy-to-use platform available.

Opus is a global risk and compliance SaaS and data solution provider founded on a simple premise: faster, better decisions in compliance and risk management give businesses an extraordinary advantage in the marketplace. Today, the world's most-respected global corporations rely on Opus to free their business from the complexity and uncertainty of managing customer, supplier, and third-party risks. For more information about Opus, please visit http://www.opus.com.

Protiviti (http://www.protiviti.com) is a global consulting firm that delivers deep expertise, objective insights, a tailored approach and unparalleled collaboration to help leaders confidently face the future. Through its network of more than 80 offices in over 20 countries, Protiviti and its independently owned Member Firms provide clients with consulting solutions in finance, technology, operations, data, analytics, governance, risk, and internal audit. Protiviti is a wholly owned subsidiary of Robert Half RHI, a member of the S&P 500 index. For more information, please visit http://www.protiviti.com.

The Security Industry Association (SIA) is a leading trade association for global security solution providers. The SIA brings together more than 850 member companies representing thousands of security leaders and experts who shape the future of the security industry. SIA protects and advances its members' interests by advocating pro-industry policies and legislation at the federal and state levels, creating open industry standards that enable integration, advancing industry professionalism through education and training, opening global market opportunities, and collaborating with other like-minded organizations.

Willis Towers Watson WLTW is a leading global advisory, broking, and solutions company that helps clients around the world turn risk into a path for growth. With roots dating to 1828, Willis Towers Watson has over 40,000 employees serving more than 140 countries. We design and deliver solutions that manage risk, optimize benefits, cultivate talent, and expand the power of capital to protect and strengthen institutions and individuals.

 

SOURCE ESI ThoughtLab

Loading...
Loading...
Posted In: Press Releases
Benzinga simplifies the market for smarter investing

Trade confidently with insights and alerts from analyst ratings, free reports and breaking news that affects the stocks you care about.

Join Now: Free!

Loading...