A survey of 1,200 business leaders conducted by The Travelers Companies finds that nearly a quarter (22%) report their organizations were victimized by some type of cyber event, the highest percentage since the insurance industry conglomerate began fielding this survey in 2014. However, the percentage of executive taking steps to mitigate those risks has actually declined.
Overall, the survey finds cyber risks (56%) represent the second-highest concern in terms of risks to the business. The only greater concern is the current level of economic uncertainty, which at 57% was only one point higher. The top cybersecurity concerns are:
Suffering a security breach (52%)
- Unauthorized access to financial systems (50%)
- Employees putting company information at risk (48%)
- Becoming a cyber extortion/ransomware victim (47%)
- Theft of the company’s customer or client records (47%)
- Suffering a cyber event due to employees working remotely (47%)
Many of those concerns are naturally attributable to the fact that more employees are working from home in the wake of the pandemic. The percentage of businesses reporting that at least 40% of their employees work outside of the office (59%) has more than doubled during the pandemic.
Despite those increased concerns, however, the survey finds fewer companies have taken steps to mitigate cyber risks than they did a year ago. Less than half said their organization has employed hacker intrusion detection software (48%), undergone a cyber risk assessment (47%), written a business continuity plan that could help them respond to a cyberattack (42%), or assessed the risk their vendors might pose (37%).
In general, it’s pretty clear in the post-COVID-19 era that IT organizations are still playing catch up when it comes to security. A separate survey of 1,500 employees conducted by ManageEngine, an arm of Zoho that provides IT management tools, finds nearly two-thirds of respondents have been provided with a corporate device to use while working remotely. Unfortunately, 37% of those respondents also report there are no restrictions on these corporate devices. They can access any Web site or download software as they see fit. Over half of respondents (54%) said they would still visit a website after receiving a warning about potential insecurities.
A major reason why security issues are not being addressed comes down to simple economics. A survey of more than 5,000 IT and cybersecurity practitioners conducted by Kaspersky finds small and medium businesses (SMBs) on average allocated $275,000 to cybersecurity, while enterprises invested $14 million. As a percentage of the overall IT budget, the report notes cybersecurity is consuming a larger percentage of the IT budget. The bad news is the IT budget has shrunk. The survey finds the overall IT budget has fallen from $1.2 million in 2019 to $1.1 million in 2020 among SMBs, and from $74.1 million to $54.3 million among enterprises.
On the plus side for cybersecurity teams, however, 71% of organizations also expect their cybersecurity budget will increase in the next three years despite declines in the overall IT budget.
Of course, there’s no correlation between the level of IT security attained and the amount of money spent. However, as cybersecurity attacks increase in frequency and sophistication, it never hurts to have the funds available to quickly respond.