Many organizations still operate with a limited budget for cybersecurity despite increasingly rampant attacks, said EY, which recently released the results of its Global Information Security Survey 2018-19.
The survey collected responses from more than 1,400 C-level cybersecurity and risk leaders from some of the world’s largest organizations, with revenues ranging from less than US$ 10 million to over US$ 10 billion.
The survey finds that 87% of organizations operate with a limited budget to provide for the level of cybersecurity and resilience they require and that 55% of organizations don’t make protection an integral part of their overall business strategy and execution plans.
Surprisingly, larger organizations are more likely to fall short on this point than smaller organizations (58% versus 54%), EY pointed out.
However, cybersecurity budgets are on the rise, with larger companies more likely to have increased budgets this year (63%) and next year (67%) than smaller companies (50% and 66%, respectively), EY said.
Digital transformation brings new vulnerabilities
A majority of organizations (77%) are now seeking to move beyond basic cybersecurity protections toward fine-tuning their capabilities using advanced technologies such as artificial intelligence, robotic process automation and analytics, among others.
These organizations are continuing to work on their cybersecurity essentials, but they are also rethinking their cybersecurity framework and architecture to support the business more effectively and efficiently.
However, the survey found that 8% of respondents feel that their information security function currently fully meets their needs, with 78% of larger organizations and 65% of smaller organizations saying their information security function is at least partially meeting their needs.
All the organizations surveyed are going through digital transformation projects and are increasing their spending on emerging technologies. The study reveals cloud computing (52%), cybersecurity analytics (38%) and mobile computing (33%) as the highest priorities for cybersecurity investment in emerging technologies this year.
“Organizations today are increasingly investing in emerging technologies as part of their digital transformation programs, and while these have created multiple new possibilities, they also create new vulnerabilities and threats,” said Paul van Kessel, EY Global Advisory Cybersecurity Leader.
“Organizations should be aware that building a level of trust with customers is critical to the success of their transformation programs. To build this trust, cybersecurity needs to be embedded in the DNA of the organization, starting with making it an integral part of the business strategy,” he noted.
The major security overseer is not a board member
A major obstacle to embedding cybersecurity in the organization's DNA might have something to do with the fact that the major security overseer is not a board member.
According to survey results, 60% of organizations say that the person directly responsible for information security is not a board member.
In addition, only 18% of organizations say that information security fully influences business strategy plans on a regular basis.
However, 70% of all organizations (73% and 68% of the larger and smaller organizations, respectively) say their senior leadership has a comprehensive understanding of security or is taking positive steps to improve their understanding.