It’s the business equivalent of quitting smoking the day after the cancer diagnosis: Despite year after year (after year after year) of warnings to protect both yourself and your business against cyberattacks, you have not. You wait until you’ve been hit.
“Big Four” accounting and professional services firm Ernst and Young recently conducted an extensive survey (PDF) of 1,909 executives in 64 countries to determine how prepared the global business is for cyberattacks.
Given both the amount of time that has passed since online security first became an issue for businesses and the recent increase in, and media coverage of, phishing attacks, cracking, site vandalism, data theft, distributed denial of service attacks, and other species of virtual assault, it will probably shock anyone reading to discover the level to which commerce is unprepared for something that seems to happen every day.
Ninety-six percent of businesses are unprepared for a cyber attack.
Because 68 percent of respondents said the number of security threats their businesses had to deal with had increased since the previous year, one would think that staffing to deal with this uptick would be a priority. However, 50 percent of those surveyed said their businesses lacked staff with the technical know-how and experience to deal with security issues.
These issues point toward the most frequently cited reason for lack of security preparedness: money.
Sixty-five percent of surveyed businesses said they are not sufficiently budgeted for online security. The number increases to 71 percent for those with revenues under $10 million.
On the positive side, 70 percent of executives indicated that cyber security was now handled at the upper level of executive decision making, and one in 10 had the staff member responsible for security reporting directly to the CEO and 35 percent reported to the board.
These responses indicate the importance with which the issue is regarded in a public-facing environment. But between the budgeting shortfalls, 32 percent of the companies in the survey indicating that cybersecurity was the least important type to their firm, and only 23 percent assigning it the first or second position, the perennial “room for improvement” remains an abyssal gap.
With that gap being the entry point for an increasing number of increasingly energetic black-hat hackers and vandals, the situation looks unlikely to change anytime soon.