Last month, the whitepaper of the Sixth Annual Survey on the Current State of and Trends in Information Security and Cyber Risk Management was released. As we can see, the survey had a lot of interesting and important information to help small businesses and CIOs make meaningful decisions regarding their approach to cyber security. It discussed key themes, like evolving threats and how companies can build up resilience to those threats. In addition to all the findings and suggestions in the survey, there were also some facts that readers and business owners may find very interesting.
Let us know what you think!
Fact #1: Cyber-security is a thing and should be considered by everyone
According to the survey, 78 percent of respondents from personal data-driven industries purchased a security & privacy insurance policy, compared with only 59 percent from all other industries. Data-driven industries certainly have more sensitive, customer data to protect, which may be why their number is higher. But, either way you look at it, more than half of the industries surveyed take out cyber insurance. That’s a lot.
Fact #2: Not every company outsources their security management (yet)
The study revealed that approximately 60 percent of pre-breach services are provided by internal resources such as IT, risk management, human resources (HR) and legal. While it’s a good idea to outsource security management, we can see that some companies are still relying on their in-house staff for pre-beach services.
Fact #3: People rely on technology more than we think
According to the survey, when asked to what extent an internet, cloud or technology disruption would impact their daily business operations, 87 percent said it would have a moderate-to-significant impact. That’s a whole lot of people that feel if a breach were to happen, they would really be in a bad situation.
Fact #4: Depending on your industry, you may perceive cyber security differently
76 percent of respondents in the communications, healthcare, finance and banking, and retail industries viewed cyber risk as a significant threat compared to only 55 percent of all the other industries. If your industry falls into that 76 percent, then you may want to consider what aspects of your industry make it more vulnerable and assess your company’s cyber security measures based on that.
Fact #5: Business leaders consider cyber-security as a threat more now than ever before
A question was asked in the survey, “In your experience, are cyber risks viewed as a significant threat by your organization’s leadership?” In response, 83 percent said “yes” for Board of Directors, which is 15 percentage points higher than in 2015. Just a year ago, it seemed as though higher level executives and other leaders simply did not see cyber security as much of a threat that they needed to consider it in their budget. It looks like that’s starting to change.
Fact #6: Hackers aren’t as much of a worry as you would think
According to all respondents, “employees unintentionally infecting the company’s network with malware” is the top concern with 50 percent rating it a high or extremely high risk. So, if you’re an employee, your higher-ups may be worried more about you making a mistake than a dangerous hacker.
Fact #7: Got an attorney? Most companies are relying on theirs for security.
When asked which services are utilized in response to a cyber-security breach, it’s no longer the IT guy. Based on the survey, for the first time, the general counsel is the department most frequently responsible for assuring compliance with all applicable federal, state or local privacy laws, including state breach notification laws. While the IT person at your company should be fully aware of policies, it may be better to play it safe and go with the general counsel for any of your cyber-security questions, comments, or concerns.
Smeester & Associates understands the questions that arise when it comes to protecting your own company’s cyber-security. We’re here to answer those questions and provide you with the tools and recommendations necessary in order to make the best decisions for your company.