Financial Services Ireland

SURVEY REPORT

Is cybersecurity about more than protection?

Read more


Global Information Security Survey 2018-2019

A year after organisations were rocked by a series of large-scale cybersecurity breaches and ongoing recriminations over state-sponsored interventions, this year’s Global Information Security Survey report shows cybersecurity continuing to rise up the board agenda.

Rapid technology change, rising regulation and escalating cyber threats continue to be the dominant factors driving business model disruption in the financial services industry. This is neither good nor bad, as each presents both opportunity and risk – it’s just the reality of doing business today.

With more than 1400 respondents, our latest Global Information Security survey offers an insider’s view of how organisations are facing the challenge of progressing their cybersecurity on three fronts: protecting the enterprise, optimising cybersecurity and enabling growth. Download the report from the link below to explore in full, or view the three key findings below.

 

The survey finds that 87% of organisations operate with a limited budget to provide for the level of cybersecurity and resilience they require and that 55% of organisations don’t make the protection of the organisation an integral part of their overall business strategy and execution plans. Surprisingly, larger organisations are more likely to fall short on this point than smaller organisations (58% versus 54%). However, cybersecurity budgets are on the rise with larger companies being more likely to have increased budgets this year (63%) and next year (67%) than smaller companies (50% and 66%, respectively).

A majority of organisations (77%) are now seeking to move beyond basic cybersecurity protections toward fine-tuning their capabilities using advanced technologies like artificial intelligence, robotic process automation and analytics among others. These organisations are continuing to work on their cybersecurity essentials, but they are also rethinking their cybersecurity framework and architecture to support the business more effectively and efficiently. However, the survey found that 8% of respondents feel that their information security function fully meets their needs currently with 78% and 65% of larger and smaller organisations respectively saying their information security function is at least partially meeting their needs.

All the organisations surveyed are going through digital transformation projects and are increasing their spending on emerging technologies. The study reveals cloud computing (52%), cybersecurity analytics (38%) and mobile computing (33%) as the highest priorities for cybersecurity investment in emerging technologies this year.

Our view:  Trust in the digital business age is every bit as important as actual service delivery. Few things impact a company’s brand more than a badly handled data breach or prolonged service outage.

While failing to capitalise on technology-driven innovation has some immediate consequences, the real impact will be felt in the medium to long term through loss of competitiveness. The companies that will thrive are those already positioning themselves to safely reap the innovation benefits that digital technology and data science enables. That means new ways of operating day-to-day, and both understanding and reaching customers in real time. Strong cybersecurity and cyber risk management capabilities are fundamental in protecting organisations’ data and digital services.

Cybersecurity quote from EY Cyber Risk Leader

Careless/unaware employees rank as highest vulnerability and most organisations may not identify all breaches and incidents

Organisations concede that they would be unlikely to step up their cybersecurity practices or spend more money unless they suffered some sort of breach or incident that caused very negative impacts. The survey finds that the riskiest vulnerabilities are careless/unaware employees (34%), outdated security controls (26%), unauthorised access (13%) and related to cloud-computing use (10%). Only 8% say their security functions fully meet their needs and 38% of respondents are unlikely to detect a sophisticated breach, whereas less than 10% believe they have mature security systems. However, many organisations (82%) are unclear about whether they are successfully identifying breaches and incidents. Among organisations that have been hit by an incident over the past year, less than a third (31%) say the compromise was discovered by their security centre.

Cybersecurity does not fully influence organisations’ strategic plans; the person responsible is not a board member

Organisations are now convinced that looking after cyber risk and building in cybersecurity from the start is imperative to success in the digital era. The survey finds, only 18% of organisations saying that information security fully influences business strategy plans on a regular basis while 60% of organisations say that the person directly responsible for information security is not a board member. However, 70% of all organisations (73% and 68% of the larger and smaller organisations, respectively) say their senior leadership has a comprehensive understanding of security or is taking positive steps to improve their understanding.

If you would like to discuss any of the cybersecurity issues raised in the report, please don’t hesitate to get in touch.

Hugh Callaghan

FS Executive Director, Cyber
Hugh's Full Profile