Our analysis of survey responses points to a significant need for middle-market organizations around the world to improve their overall understanding of the cybersecurity risk landscape. Moreover, there is still considerable education and investment required to not only reduce the overall exposure to cyber attacks, but also to improve organizational preparedness and responsiveness across most industries and geographies. The following summarizes our key observations:
- Only 39% of respondents consider cybersecurity a top concern.
- 46% of respondents across the Americas do not have a formal cybersecurity program.
- 50% of respondents indicated that hacktivists, organized crime, and employees – both current and former – are the sources of greatest cyber risk.
- 20% of respondents have not conducted a cybersecurity assessment, and only 25% of respondents provide cybersecurity training to employees at least annually.
- 20% of respondents who are required to have a cybersecurity program based on governmental, industry or customer regulations do not currently have a cybersecurity program
- Limited time and budget along with a lack of qualified staff were the key reasons cited for not having an effective cybersecurity program.
- More organizations that have a cybersecurity program reported experiencing a breach than those who do not have a formal cybersecurity program.
- The majority of the respondents indicated underinvestment in advanced cybersecurity initiatives such as a robust security incident response plan to identify, detect, and handle security incidents including data breaches.
The above, taken with the rest of the survey data and responses, highlights an overall lack of intensity and awareness of the need for a comprehensive cybersecurity program. And if the rising cyber threats and increasing fines are not enough for companies to rethink their cyber programs, there are ample new regulations that may provide the needed impetus.