Connect with us

Hi, what are you looking for?

White Papers

Cyber leaders’ confidence in their organization’s defenses plummets, but costs mount

Despite high levels of spending, detection and response times appear slow. More than three-quarters of respondents (76%) said their organizations take an average of six months or longer to detect and respond to an incident.

While the number of cyber threats and associated costs are increasing, cybersecurity leaders appear to be struggling with the effectiveness of their organization’s defenses, according to the EY 2023 Global Cybersecurity Leadership Insights Study.

The survey of 500 cybersecurity leaders worldwide found that just one in five considers their organization’s approach to be effective for current and future threats. Half of the respondents also appear skeptical about the effectiveness of the training that their organizations provide, and just 36% are satisfied with the levels of adoption of best practices by teams outside the IT department.

At the same time, cyber leader respondents reported mounting costs associated with cybersecurity investment and an average of 44 cyber incidents per organization in 2022. Chief information security officer (CISO) respondents reported an average annual spend of US$35m on cybersecurity, while the median cost of a breach to their organization has increased by 12% to US$2.5m in 2023 and is anticipated to reach US$4m.

Despite high levels of spending, detection and response times appear slow. More than three-quarters of respondents (76%) said their organizations take an average of six months or longer to detect and respond to an incident.

Advertisement. Scroll to continue reading.

Richard Watson, EY Global and Asia-Pacific Cybersecurity Consulting Leader, says: “After all the time and money spent on cybersecurity, CISOs still feel very unprepared against cyber threats. The levels of dissatisfaction are more worrying when seen in the context of increasing geopolitical instability, economic uncertainty and the rapid adoption of emerging technologies that will push the number of incidents to even higher levels and see cyber adversaries continually evolve.”

Warren R. Bituin, SGV Technology Consulting leader, says: “There is undoubtedly a heightened level of awareness in the board and management regarding the importance of cybersecurity. This increased awareness represents a significant step forward in the overall effort to create a secure digital environment. However, despite the recognition of cyber threats, it is important to note that this increased awareness does not always translate into the right investments in cybersecurity. Targeted investments can provide some level of security but may overlook the need for a comprehensive and holistic approach to cybersecurity. To truly enhance cybersecurity, organizations must understand the entire ecosystem in which they operate. This means looking beyond internal systems and considering the network of third-party vendors, suppliers, and partners. Recognizing that vulnerabilities can arise from these relationships is crucial to implementing robust security measures.”

Simplify to survive

The study found that those organizations that are more satisfied with their approach to cybersecurity, experience fewer cyber incidents, and can detect and respond to incidents quicker have certain common characteristics.

While 70% of these “Secure Creators” identified in the study define themselves as early adopters of emerging technology, they focus on extracting the most value from specific advanced solutions, such as artificial intelligence/machine learning (AI/ML) (62%) and Security, Orchestration, Automation and Response (SOAR) (52%) that allow them to have a clear line of sight to cybersecurity incidents. In addition, they have specific strategies in place for managing attacks through multiple sources: their own cloud, their partners and through their supply chains. Respondents from these types of organizations appear almost twice as likely to be highly concerned about cyber risks from their supply chain (38%) and related risks, such as intellectual property protection (38%).

Finally, “Secure Creators” embed cybersecurity thinking and training from the C-suite down to the workforce. As a result, CISOs from these organizations say that their approach is more likely to positively impact their pace of transformation and innovation (56%), as well as their ability to rapidly respond to market opportunities (58%) and to focus on creating value (63%).

Advertisement. Scroll to continue reading.

EY’s Watson says: “When it comes to technology, the more clutter an organization has in its armory, the harder it is to pick up signals and get on top of issues quickly. CISOs should focus not on bolting on new technologies but integrating existing ones better. Organizations are now inextricably and digitally linked to businesses in their supply chain. CISOs should champion thinning out supply chains, so they are dealing with fewer suppliers, and work to ensure that a cybersecurity lens is applied over them.

“It is the very scale and complexity of security measures and processes in an organization that pose the greatest threat to efficient cybersecurity. Instilling a culture of being brilliant at the basics of cybersecurity across the organization can prove to be the best defense.”

Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

White Papers

When compared to 2023, Sophos saw a 51% increase in abusing “Living off the Land” binaries or LOLbins; since 2021, it’s increased by 83%.

HEADLINES

Someone illegally acquires or uses personal information such as bank account or credit card numbers of another person to obtain money, goods or services....

HEADLINES

To stay ahead of these challenges, organizations need to invest in AI-driven defenses, transition to quantum-safe encryption, and adopt a Zero Trust approach to...

HEADLINES

There was a 121% Year-on-Year (YoY) increase in identity fraud in 2024 across the region, with significant surges recorded in Singapore (207%), Thailand (206%)...

HEADLINES

As part of RCBC’s 2024 Cybersecurity literacy program, the webinar aims to help Filipinos level up their online banking safety by providing them with...

White Papers

The survey found that CXO’s feel less prepared than their global peers. Less than half or 48% in APAC said they felt completely prepared...

HEADLINES

On average, a single organization in the Philippines experiences 4,003 attacks per week, significantly higher than the APAC average of 2,870 attacks per week.

White Papers

Exploiting this vulnerability, cybercriminals craft deceptively authentic phishing emails that align with current trends, exploiting human emotions to invoke urgency and trick recipients into...

Advertisement