The survey discusses statistics for cyberattacks, exposure to cyber risks, the awareness and attitudes of companies around cyber risk, and approaches to cybersecurity. Here are the four takeaways from the survey (all statistics included in this briefing are part of the survey).
Thirty-two percent of businesses had cyber security breaches in 2018. This number is down 11 percent from 2017 (43 percent). Even though the number of cyber-attacks has declined since 2017, they still remain a major threat to businesses. The most common incidents were:
While this news is good, there is one caveat: among those reporting breaches, the number of attacks they have faced has increased. In 2017, companies with breaches only reported experiencing two attacks, but by the 2019 survey, the number was six. This trend may suggest more targeted attacks in certain sectors as attackers grow increasingly organized and methodical.
The survey suggests two plausible explanations for why the number of incidences are down:
Since the 2018 report, more businesses are prioritizing cyber defense than in the past. As attackers grow smarter, businesses are focused on finding those holes and plugging them—and the renewed focus on preempting risk is helping to reduce the overall number of incidents.
Further, the survey suggests that since the introduction of the General Data Protection Regulation (GDPR), businesses may no longer report certain situations because they no longer qualify as breaches. They also are making changes to better their security in the face of more regulatory oversight. Thirty percent of businesses said they had made changed because of GDPR and 60 percent created new policies to address the risk.
More so than the reputational risk facing businesses who report breaches, the financial burden of a cyberattack is the greatest concern. Of the cases in which breaches caused loss of data or assets, the average (mean) cost was $5,473 (£4,180) which is a rise over years 2018 (+$1,336) and 2017 (+2,266).
The rising cost shows it is more expensive now to clean up after an attack than in previous years. According to the survey, “when organisations reflect on their approaches to cyber security, they may be undervaluing the true cost and impact of cyber security breaches.”
Though the numbers do indicate an increase in focus on cybersecurity, there is still more that can be done in this area. The business areas that, once addressed, will make the most impact are:
Though the numbers show fewer attacks, there are still many areas of weakness that need to be addressed to work toward total eradication.
One area in which businesses can improve is leveraging compliance requirements. On May 15, OnSolve will hold a webinar titled “Compliance: Friend or Foe” led by Virtual CIO, Andrew Baker. Attendees will receive answers to questions like:
Join us for this informative event that could help you preempt and avert cyberattack risk by better understanding how compliance can improve cybersecurity.