How do you respond to news about the latest breach, leak, or hack? With a steady drip (and occasional surge) of negative press over cyber attacks, it should come as no shock to discover that consumer confidence is low when data breaches seem inevitable.
The question of how we respond to cybersecurity incidents, both practically and emotionally, is shaped by our experiences. As a consumer, it is difficult to have confidence when institutions like credit reporting agencies have difficulty managing the fallout of major incidents. As IT professionals, our outlook may be more balanced; after all, a crisis averted doesn’t exactly make for a newsworthy headline.
However, business owners and stakeholders may have a very different perspective about their organizations’ cybersecurity measures when compared to consumers and IT professionals. As a recent survey from Solarwinds MSP reveals, the confidence that businesses and consumers place on their cybersecurity preparedness is strikingly high.
From a survey sample of 400 businesses from across the U.S. and U.K., equally split across small and enterprise-level businesses, we know that 87% of businesses are confident in their ability to handle cyber attacks. More than half of respondents believe they are safer than they were last year, and an even greater percentage believe that things will only improve next year.
When businesses continue to advance their security measures, this confidence can be well-placed. However, follow-up answers reveal that this confidence is often misplaced. Seventy-one percent of surveyed businesses have reported at least one breach in the previous year, along with incidents including DDoS, fraud, insider attacks, and ransomware. Negligence and distracted employees also continue to play a major role in incidents for many organizations.
Moreover, despite their confidence, the majority of these businesses confirmed that they were not taking proactive measures to bolster their security. With 68% of organizations failing to apply and audit security policies — an even greater problem as Bring Your Own Device (BYOD) policies grow ever more popular — it is increasingly evident that a certain amount of confidence may be misplaced.
Other pitfalls revealed in this survey include:
While confidence can be an asset when backed up with capability, findings such as these reveal a continued need for cybersecurity education at the C-suite level. With adequate knowledge of what should make an organization confident in their cybersecurity, we can help make sure that our expectations of cyber preparedness meet reality.
Latest posts by Tim Wayne (see all)
- Confidence in Cybersecurity: A Survey About Businesses’ Perspective - December 20, 2017