How do you respond to news about the latest breach, leak, or hack? With a steady drip (and occasional surge) of negative press over cyber attacks, it should come as no shock to discover that consumer confidence is low when data breaches seem inevitable.

The question of how we respond to cybersecurity incidents, both practically and emotionally, is shaped by our experiences. As a consumer, it is difficult to have confidence when institutions like credit reporting agencies have difficulty managing the fallout of major incidents. As IT professionals, our outlook may be more balanced; after all, a crisis averted doesn’t exactly make for a newsworthy headline.

However, business owners and stakeholders may have a very different perspective about their organizations’ cybersecurity measures when compared to consumers and IT professionals. As a recent survey from Solarwinds MSP reveals, the confidence that businesses and consumers place on their cybersecurity preparedness is strikingly high.

Are Businesses Too Confident About Cybersecurity?

From a survey sample of 400 businesses from across the U.S. and U.K., equally split across small and enterprise-level businesses, we know that 87% of businesses are confident in their ability to handle cyber attacks. More than half of respondents believe they are safer than they were last year, and an even greater percentage believe that things will only improve next year.

When businesses continue to advance their security measures, this confidence can be well-placed. However, follow-up answers reveal that this confidence is often misplaced. Seventy-one percent of surveyed businesses have reported at least one breach in the previous year, along with incidents including DDoS, fraud, insider attacks, and ransomware. Negligence and distracted employees also continue to play a major role in incidents for many organizations.

Moreover, despite their confidence, the majority of these businesses confirmed that they were not taking proactive measures to bolster their security. With 68% of organizations failing to apply and audit security policies — an even greater problem as Bring Your Own Device (BYOD) policies grow ever more popular — it is increasingly evident that a certain amount of confidence may be misplaced.

Other pitfalls revealed in this survey include:

  • After handling a security breach, less than half (44%) adopted new technologies and practices (like establishing an incident response plan) to prevent and mitigate future issues
  • According to responses, detection, response, and resolution times have grown (~43%)
  • Only 16% of businesses provide user awareness training
  • 29% of respondents feel that their capabilities are “robust”

    While confidence can be an asset when backed up with capability, findings such as these reveal a continued need for cybersecurity education at the C-suite level. With adequate knowledge of what should make an organization confident in their cybersecurity, we can help make sure that our expectations of cyber preparedness meet reality.


    Editor’s Note: This blog article was written by an outside contributor – a guest blogger – for the purpose of offering a wider variety of content for our readers. However, the opinions and recommendations expressed in this guest blog are solely those of the contributor, and do not necessarily reflect those of The Security Awareness Company, LLC. If you are interested in writing something for us, please do not hesitate to contact us:

    Tim Wayne

    Digital Content Marketer at Solarwinds MSP
    Tim Wayne is a digital content marketer and a graduate from USC from Virginia Beach interested in cybersecurity, health IT, and business management. Tim has worked with companies and brands across a wide range of industries in writing and marketing online content.