Tuesday, 21st May 2019
Logo

Costs not customers the major security breach concern

Sixty-three per cent of C-suite more concerned about paying for the costs of a cybersecurity breach than losing customers, says new study.

For UK senior executives who admit their organisations have suffered at least one significant cybersecurity breach within the past two years, the associated costs of a breach are considered the most important consequence. This is according to a new study by Centrify, a leading provider of Zero Trust Security through the power of Next-Gen Access, commissioned through Dow Jones Customer Intelligence.
Nearly two-thirds (63 per cent) of respondents in the UK believe investigation, remediation and legal costs are the most important consequence of a breach, followed by disruption to operations (47 per cent) and loss of intellectual property (32 per cent). They showed less concern for impact on brand, including loss of customers (16 per cent) and damage to the company’s reputation (11 per cent).
The study of 800 senior level executives, including CEOs, Technical Officers and CFOs in the UK and US, also indicates that there is confusion among the C-suite about what constitutes a cybersecurity risk and what needs to be done to prevent it. In the UK, malware is seen as the biggest threat to an organisation’s success among 44 per cent of respondents, compared to just 24 per cent who point to default/weak or stolen passwords and 29 per cent who blame privileged user identity attacks. However, of those organisations that experienced at least one significant security breach in the past two years, just 11 per cent admit it was due to malware, while almost twice as many put it down to either a privileged user identity attack or the result of stolen or weak passwords (both 21 per cent).
In fact, 63 per cent of UK organisations that experienced a major breach admit that privileged identity and access management would have most likely prevented the breach. The Verizon 2017 Data Breach Investigation Report supports this, indicating that 81 per cent of breaches involve weak, default or stolen passwords. More than half (53 per cent) of respondents at breached organisations say audit trails for system accesses, and a quarter say training or awareness would most likely have stopped a breach.
According to the survey, the largest areas of cybersecurity investment over the next 12 months will be for malware (44 per cent) and phishing (38 per cent), while protection against stolen or weak passwords (33 per cent) and privileged user identity attacks (26 per cent) are investment priorities for fewer respondents.
Barry Scott, CTO EMEA at Centrify, explains: “It’s no surprise that the C-suite often points to malware as the biggest threat. Sensational headlines about major attacks could be to blame, which companies see and react to, often mistakenly, when in fact identity-related attacks – such as stolen or weak passwords, and attacks on privileged users within organisations – are the primary threat to cybersecurity today.
“What’s worrying is that they then look to invest money in protecting against malware, when in fact they should be focusing on the increase in identity-related attacks. Business leaders need to rethink their strategy with a Zero Trust Security approach that verifies every user and every device, and provides just enough access and privilege.”
Over 84% of organisations in Europe use or plan to use digitally transformative technologies, but on...
Bitglass has released findings from its latest report: Kings of the Monster Breaches. Bitglass resea...
Bitglass, the Next-Gen CASB, has announced the appointments of Jon Peppler as Vice President of Worl...
New data ranking the ‘cybermaturity’ of organisations reveals the most commonly targeted sectors are...
New accreditations and robust partner portal make it easier than ever for channel partners to fast-t...
Cloud-native security customized to the demand of DevOps to protect and scale environments.
With LogRhythm Cloud, security analysts get the full analyst experience of an award-winning platform...
IT teams in organisations that have suffered security incidents in the past year often lacked execut...