Overconfident and under-prepared

Survey reveals that large numbers of U.K. and U.S. businesses overestimate their readiness to combat cybersecurity breaches, despite most reporting breaches in last 12 months.

  • 6 years ago Posted in
SolarWinds MSP, a global leader in delivering comprehensive, scalable IT service management solutions to IT solution providers and MSPs, has published survey findings outlining the preparedness of UK and U.S. businesses in dealing with cybersecurity breaches. The report reveals that businesses are gravely optimistic about their ability to deter and cope with malicious attacks, despite the majority experiencing a breach over the last year and nearly one-fourth experiencing more than 10.
The potent combination of this lack of preparedness, the frequency of breaches, and the potential commercial impact of each one [$76k/59k GBP for small to medium sized businesses (SMBs) and $939k/724k GBP for enterprises]1, heightens the risk of an "extinction event" i.e., a massive business failure correlating to the breach.
Commenting on the survey, John Pagliuca, SolarWinds MSP general manager, said, "Our findings underscore the problems that contributed to the 'WannaCry' ransomware's ability to cause so much damage around the globe.  These results beg the question, 'How can IT leaders feel so prepared yet still be exposed?' One of the main reasons is that people are confusing IT security with cybersecurity. The former is what companies are talking about when they think about readiness. However, what they often don't realize is that cybersecurity protection requires a multi-pronged, layered approach to security that involves prevention, protection, detection, remediation, and the ability to restore data and systems quickly and efficiently. The overconfidence and failure to deploy adequate cybersecurity technologies and techniques at each layer of a company's cybersecurity strategy could be fatal."
The research, looking into 400 SMBs and enterprises in the UK and U.S. and conducted by Sapio Research, reveals that 87 percent of IT executives questioned are confident in their security technology and processes' resilience, and that 59 percent believe they are less vulnerable than they were 12 months ago. Given another 61 percent of businesses are anticipating a substantial boost to their cybersecurity budgets, they are confident this position will improve.
However, 71 percent of the same respondents said they have experienced a breach in the last 12 months.
These breaches are significant and shouldn't be discounted. Of the businesses that have been breached and could identify an immediately traceable impact, 77 percent revealed that they had suffered a tangible loss, such as monetary impact, operational downtime, legal actions, or the loss of a customer or partner.
SolarWinds MSP also investigated why this overconfidence is occurring and identified seven basic faults:
  • Inconsistency in enforcing security policies
  • Negligence in the approach to user security awareness training
  • Shortsightedness in the application of cybersecurity technologies
  • Complacency around vulnerability reporting
  • Inflexibility in adapting processes and approach after a breach
  • Stagnation in the application of key prevention techniques
  • Lethargy around detection and response
Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Atos has launched Atos OneCloud Sovereign Shield, a set of solutions, methodologies, and...
New distribution agreement set to bolster Westcon-Comstor’s Zero Trust offering in more markets...
Research from Avast has found that employees in almost a third (31%) of Small and Medium...
This year, over half of MSPs or their end customers have been attacked by ransomware but only 53%...
Trend Micro has published new research revealing that 90% of IT decision makers claim their...
Cyber consultants call on businesses to act now, or risk budgets shrinking further in ‘real...