The potent combination of this lack of preparedness, the frequency of breaches, and the potential commercial impact of each one [$76k/59k GBP for small to medium-sized businesses (SMBs) and $939k/724k GBP for enterprises]1 heightens the risk of an "extinction event," i.e., a massive business failure correlating to the breach.
Commenting on the survey, John Pagliuca, SolarWinds MSP general manager, said, "Our findings underscore the problems that contributed to the 'WannaCry' ransomware's ability to cause so much damage around the globe. These results beg the question, 'How can IT leaders feel so prepared yet still be exposed?' One of the main reasons is that people are confusing IT security with cybersecurity. The former is what companies are talking about when they think about readiness. However, what they often don't realize is that cybersecurity protection requires a multi-pronged, layered approach to security that involves prevention, protection, detection, remediation, and the ability to restore data and systems quickly and efficiently. The overconfidence and failure to deploy adequate cybersecurity technologies and techniques at each layer of a company's cybersecurity strategy could be fatal."
The research, conducted by Sapio Research and looking into 400 SMBs and enterprises in the UK and U.S., reveals that 87 percent of IT executives questioned are confident in the resilience of their security technology and processes, and that 59 percent believe they are less vulnerable than they were 12 months ago. With another 61 percent of businesses anticipating a substantial boost to their cybersecurity budgets, they are confident this position will improve.
However, 71 percent of the same respondents said they have experienced a breach in the last 12 months.
These breaches are significant and shouldn't be discounted. Of the businesses that have been breached and could identify an immediately traceable impact, 77 percent revealed that they had suffered a tangible loss, such as monetary impact, operational downtime, legal actions, or the loss of a customer or partner.
SolarWinds MSP also investigated why this overconfidence is occurring and identified seven basic faults:
- Inconsistency in enforcing security policies
- Negligence in the approach to user security awareness training
- Shortsightedness in the application of cybersecurity technologies
- Complacency around vulnerability reporting
- Inflexibility in adapting processes and approach after a breach
- Stagnation in the application of key prevention techniques
- Lethargy around detection and response