It appears priority and ability to execute are two very different things when it comes to dealing with cyber threats, according to the latest data from Marsh and Microsoft.
Organizations today really have no choice but to be prepared for cyber attack. Protective, detective, predictive, and reactive measures all should be in place as part of an overall strategy.
According to the Global Cyber Risk Perception Survey Report 2019 from Marsh and Microsoft, 79% of organizations put cyber risk as one of their top five concerns – that’s a material 27% increase from just two years ago.
OK, so then organizations are ready, right?
Wrong.
When asked about their ability to address specific aspects of cyber resilience, three key areas showed declines in their confidence:
- Assessment – those orgs citing ‘no confidence’ in their ability to understand and assess cyber risks doubled - from 9% to 18%.
- Prevention – those with no confidence in an ability to prevent cyber attacks rose 58% - from 12% to 19%.
- Response – those with no confidence in their response or remediation rose 47% - from 15% to 22%.
With nearly one-fifth of organizations across the board unsure about whether they can identify, prevent, stop, and remediate cyber threats, they certainly have a funny way of demonstrating that cyber threats are one of the top five concerns.
My guess is (based on the report data) that organizations are still waiting to see if they are the victim of an attack before they act. According to the report, the number one factor (64% of respondents) that will have an impact on increasing budget allocation to cyber resilience is experiencing a cyber attack themselves!
Organizations must be proactive in their efforts to thwart attacks from coming to fruition. Without an understanding of the scope and scale a given attack will have, it’s far too risky to simply wait until an attack happens. If your organization hasn’t started (say, beyond endpoint protection), we always recommend a layered security strategy that addresses all three parts of a cyber resilience strategy shown lacking above, along with continual Security Awareness Training as the last line of defense.
Did you know that when you use KnowBe4, the world's largest cyber insurers give you a better deal? Marsh awarded KnowBe4 with the "Cyber Catalyst " designation, here is more detail.