More firms say they prioritize cyber-security, but a significant number are still putting themselves at risk by not doing enough.
With a daily deluge of cyber-attacks, hacking incidents, data breaches and malware campaigns, it appears that – finally – many organisations now understand that cyber security is an important issue that needs to be taken seriously from the board down.
Figures in the 2019 Cyber Security Breaches Survey from the UK government suggest that around three-quarters of businesses and charities believe that cyber security is a high priority for their organisation’s senior management. For businesses, the figure is 78 percent, with charities slightly behind on 75 percent.
The number of organisations that view cyber security as a very high priority stands at four in ten businesses, while a third of charities also categorize cyber security as a high priority for directors, trustees and senior management. All of those figures are up compared with last year, suggesting that cyber security is increasingly viewed as important as any other part of the organisation.
But still: if three quarters of organisations view cybersecurity as a high priority, then around a quarter don’t rate it as important. Indeed, 20 percent of businesses say that cybersecurity is seen as a fairly low or very low priority, with 22 percent of charities saying the same.
It’s the food and hospitality sectors that are most likely to not promote cyber-security as a high priority. While it might be tempting for some organisations – especially those outside of data-intensive sectors like finance, technology and education – to think that they can avoid investment in this area because they won’t be of interest to attackers, it’s more likely that the opposite is true.
In other cases, a poor approach to security can lead your organisation to falling victim to a cyberattack even when it wasn’t even the intended target, as demonstrated by the WannaCry ransomware incident of May 2017.
It’s an understandable approach in a way – investing in cybersecurity, from software to training, costs money. If money is tight, these are the sorts of things that it might become easy to ignore.
An organisation that hasn’t (knowingly) found itself on the wrong end of a cyberattack might fall into the trap of thinking that security isn’t important.
‘Knowingly’ is the key word here: organisations might never know if someone clicked a phishing link that provides attackers with access to the network, or if hackers dropped trojan malware into their organisation.
So while it’s encouraging to see that the majority of organisations are taking cybersecurity more seriously than ever before, there’s still a long way to go.
And for those who aren’t prioritising it, it’s unfortunately likely to be only a matter of time before they find they’ve been the victim of a cyberattack or a data breach, and prevention maybe well be much cheaper than cure.
“We’re always hanging on by our finger tips in financial terms, and I think that really prevents us investing in the time it takes to address cybersecurity in a strong way,” says one charity quoted in the report.