Cybercrime is the greatest threat to an organization's survival today
A report on the findings of EY’s Global Information Security Survey 2013
Technology is ever evolving, and our reliance on it increases an organization’s vulnerability to cyber attack through greater online presence, broader use of social media, mass adoption of mobile devices, and the involvement of cloud services. Aligned with advancing technology, new and more complex cyber risks keep emerging, threatening significant harm to an organization’s brand and bottom line.
Hackers are increasingly relentless and often politically motivated: when one tactic fails they will try another, until they get what they want. Everyone and every organization is a target. It’s no longer a matter of ‘if’ you will become a victim of cybercrime; it’s ‘when’!
A significant percentage of those reading this article know, or will soon learn, that hackers have breached the security perimeter of their organization. The frightening fact is that the infiltration could have occurred days, weeks or even months ago, and you didn’t know it. The associated costs to your organization may be staggering – not only financial, but in the number of lost data records and in damage to your brand and reputation.
In EY’s recently launched Global Information Security Survey (GISS) 2013 report, titled “Under cyber attack”, we address what an organization needs to do for its information security program to be able to successfully defend against the insidious cyber attacks the majority of companies face.
EY’s 16th annual survey of information security issues explores the experiences of more than 1,900 client organizations and how they are responding to today’s cyber threats. We also interviewed a number of senior executives representing organizations that in EY’s experience demonstrate leading practices in addressing cyber risks. The findings in the GISS report can help to guide your organization’s security program management approach.
And something needs to be done – fast!
Organizations must be prepared to combat, manage and mitigate cyber attacks that can occur anytime, anywhere. 31% of respondents reported that the number of security incidents within their organization had increased by at least 5% over the last 12 months. However, we discovered that in 83% of businesses the Information Security function does not fully meet the organization’s needs, even though, despite tough economic conditions, only 7% of companies have actively reduced their security budget over the last 12 months. Half of our respondents plan to increase their budget by 5% or more in the next 12 months, but 65% still cite an insufficient budget as their number one challenge to operating at the levels the business expects.
Combating cyber attacks requires leadership and accountability. Many companies now realize the extent and depth of the threat posed to them, with the result that information security is now ‘owned’ at the highest level within 70% of the organizations surveyed. Every CEO should know whether their organization has cyber security under control, understanding how its cyber-security approach relates to organizational and strategic priorities and protects the data that is vital to business success.
A good sign is that nearly half of the organizations we interviewed now align their information security strategy with the organization’s business strategy. However, only 35% of organizations have their information security professionals present to the board or the top governing structure on a quarterly basis, and this is often not enough.
Our survey found that leading organizations are shifting their focus from operations and maintenance to improving and innovating, but to do this successfully, they must undertake more proactive thinking, with ‘tone-from-the-top’ support. Greater emphasis must be placed on increasing budgets for vital activities like analytics and reporting, and devoting more resources to security solutions, as well as on improving employee awareness of the risks involved in using the technologies they rely on.
The difficulty is that there appears to be a severe information security talent shortage hindering the fight against cyber attacks – especially in Europe. The gap is widening between supply and demand, creating a sellers’ market, with 50% of respondents citing a lack of skilled resources as a barrier to value creation.
Even with the right resources in place, organizations can’t simply focus on the threats they already know about; they must be forward-looking and prepare for the impact and increased threats that come along with emerging technologies – technologies that modern businesses must learn to embrace (or at least manage) to remain competitive. This means that to win the war against cyber criminals, organizations must channel more resources toward innovating solutions that can protect them against the great unknown: the future.
For further information about cyber security and to download EY’s Global Information Security Survey 2013 report, please visit www.ey.com/GISS
EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit ey.com.
About EY's Advisory Services