Business Cybersecurity Report Card for 2019
There are growing concerns for business cybersecurity to meet the challenges of today’s hostile environment. The international insurance underwriter Hiscox recently released its Hiscox Cyber Readiness Report 2019 and the news was not good. The report showed that the number of cyber attacks has increased and that businesses of all sizes are being targeted. While cybersecurity spending has increased fewer companies have attained appropriate levels of cyber strategy and execution. The report included findings from companies located in Belgium, France, Germany, The Netherlands, Spain, United Kingdom, and the United States.
Trends in Cyber Attacks
Increases in the number of organizations reporting incidents of cyber attacks have occurred over the past year. While larger businesses are more likely to experience these attacks, large increases in rates among medium and small size firms have occurred. Reported losses from these attacks have increased by over dramatically, but the true value of damage done from loss or compromise of sensitive data is impossible to truly assess. While cybersecurity spending has increased by as much as 24%, the number of firms rated as having adequate cyber strategy and execution has fallen.
Particular Concerns for Business Cybersecurity
Supply Chain Vulnerabilities
Large numbers of companies reported incidents involving their supply chain in the last year. A majority of these organizations now recognize these vulnerabilities and are including cyber Key Point Indicators (KPI) in their contracts with suppliers. Other efforts included increased audit and evaluation of their supply chain.
There was a marked increase in cloud vulnerabilities in the last year with 22% of respondents reporting outages from third-party cloud providers. This is a 9% increase from the previous year. This increase is likely due to more firms using cloud based solutions for sensitive data.
Costs of Losses
The mean losses from cyber attacks to businesses has risen as much as 61% in the last year. These losses were seen in all businesses regardless of size or sector. The greatest increases were seen in large businesses with between 250 and 999 employees.
Overall progress in attaining effective cybersecurity programs has stalled out even though increases in cybersecurity spending have occurred. Of those who participated in the survey, 74% fell in to the Novice classification. This assessment included strategy, oversight, resourcing, technology, and processes. Of special concern, the United States ranked among the lowest in this category.
Some Take Aways
Businesses are beginning to take notice and are becoming less complacent. Many are being prompted by increased regulation from governments and those companies they supply goods and services to. Cybersecurity is an interdependent undertaking. For an fully effective program an Information Security Management System (ISMS) should be employed. A good example is ISO/IEC 27001. It employs a comprehensive that includes processes, people, and IT systems to maintain data security. Because it uses a constant improvement model, it can remain adaptable to changing threats through a risk management approach.
CVG Strategy shares your concerns for business cybersecurity. We are committed to helping businesses secure their vital data. CVG Strategy can establish ISO 27001 and NIST 8001-171 programs that incorporate security architecture, detective controls, and preventative controls. We provide training so that a cooperative and coordinated effort can be made by all involved. We are also committed to helping those who provide serviced and goods the the U.S. Department of Defense in achieving requirements for Cybersecurity Maturity Model Certification (CMMC). Contact Us to see how we can help.