The figure is staggering…
According to a survey by cyber security firm EY, a whopping 88% of global organizations don’t believe their online defenses are good enough to meet their needs.
Now, with a figure like that – with a crystal clear majority acknowledging that there’s a problem – you’d think all these firms would be busy addressing the issue.
Alas, you’d be wrong.
One-third of banking companies won’t be boosting their cyber security budgets this year.
The number is even higher in the retail sector, where 40% of companies don’t plan to increase spending.
For two sectors that hold virtually all our sensitive personal data, that’s downright alarming.
Indeed, in the wake of the JPMorgan attack, Philip Lieberman, CEO of security firm Lieberman Software, stated, “JPMorgan and similar entities employ sufficient technology to protect themselves from criminals, but typically fail to invest enough in technology and processes to shield themselves from nation states’ ability to access their systems at will.”
He called on financial sector firms to employ military-grade security to combat attacks, but noted that many lack the top-level leadership necessary to oversee upgrading their systems – and aren’t willing to spend the money to do so anyway.
And it’s only a matter of time before a real catastrophe hits…
At Stake: Survival
Commenting on the survey results, EY’s Global Information Security Leader, Ken Allan, says that while companies are generally better at dealing with cyber threats, “the scale of the threats is increasing… [and] unfortunately, the sophistication of the attacks is increasing faster than the mitigating actions against those attacks.”
He continues ominously, “It can only be a matter of time before the scale of a breach on an organization that’s a household name is so great that the organization will no longer survive.”
This is no exaggeration. You can appreciate the scale of the problem, given that a Grant Thornton report last year showed that over a 12-month period, cyber attacks had cost companies more than $315 billion.
The first step is to quit being in denial, says Allan.
“Pretty much every organization is being breached most of the time, to a greater or lesser extent. By accepting that, organizations can then turn their attention to ‘how do we contain those attacks, how do we deal with them, how do we detect them,’ rather than assuming they can prevent them, because they absolutely cannot.”