Cybersecurity survey shows corporate defences still far behind data threats

A cybersecurity survey shows 88 percent of global organisations don’t believe their information defences fully meet their needs, although many still aren’t willing to spend the money needed to improve them.

UNITED KINGDOM (REUTERS) – More than one-third (36%) of global organisations still lack confidence in their ability to detect sophisticated cyber attacks, according to cybersecurity survey carried out by accounting firm EY.

1,755 organisations from 67 countries took part in the annual survey, which found that 88 percent do not believe their information security structure fully meets their needs.

“The scale of the threats is increasing. Organisations are getting better at dealing with those threats. But unfortunately the sophistication of the attacks is increasing faster than the mitigating actions against those attacks,” said Ken Allan, EY’s Global Cybersecurity Leader.

A chain of high-profile hacks on companies ranging from adultery website Ashley Madison to British mobile and broadband provider TalkTalk has drawn attention to cybersecurity across the corporate world. But it seems many companies are still unwilling to spend the money needed to upgrade their defences. As many as 69 percent of organisations feel that their IT security budgets should be increased by up to 50 percent to align their organization’s need for protection with its managements’ tolerance for risk. Yet a third of companies in banking and capital markets, and 38 percent in retail, will not be increasing their budgets over the next 12 months.

“Well I think what we’ve seen with many of the headlines that they are high profile breaches of well-known organisations. And to a large extent those breaches have been contained. But it can only be a matter of time where the scale of a breach on an organisation, that is a household name, is so great that the organisation will no longer survive”, warned Allan.

Criminal syndicates (59%), hacktivists (54%) and state-sponsored groups (35%) are seen as the most likely sources of a cyber attack. But a successful defence system does not just depend on the tools a company has. Allan says a change of attitude is required too.

“Pretty much every organisation is being breached most of the time, to a greater or lesser extent. And by accepting that, organisations can then turn their attention to how do we contain those attacks, how do we deal with them, how do we detect them, rather than assuming they can prevent them, because they absolutely cannot”, he said.