Cybersecurity risk management is at a turning point as organization see an unprecedented rise in cyberattacks. A comprehensive benchmarking study conducted earlier this year with cybersecurity executives from 1200 companies reveals that the average number of attacks rose sharply in 2021: incidents rose over 15% while the number of material cybersecurity breaches jumped over 24%.1 These figures may be underestimated because of the potential for organizations to fail to detect and to under-report attacks. Our study participants say they expect an increase in attacks over the next two years as cybercriminals up their game.
To keep up with both digital transformation and attacks from adversaries, organizations are significantly boosting their cybersecurity budgets — by over 50% on average. In addition, as organizations go digital, cyber risk management has moved from an IT issue to a core area of business and performance, requiring the vigilant attention of senior management and the board of directors.
Despite this, many organizations are not well prepared for the risks ahead. Over 40% of chief security officers say their organization is not well prepared for the new threat landscape. Even more executives in critical industries, such as healthcare, aerospace and defense, public sector, and telecom, say they are not ready for what lies ahead.
Why aren’t cybersecurity leaders prepared for future attacks?
Based on that data and other revealing statistics gleaned from the study, we uncovered the following six reasons why cybersecurity leaders are not prepared for today’s threat environment.
(1) More than 50% of CEOs, CIOs, and COOs say their organizations growing use of partners and suppliers exposes them to a major cybersecurity risk.
(2) 41% of executives think that their cyber risk initiatives have not kept pace with digital transformation.
(3) 39% of CEOs say they have inadequate budgets to ensure cybersecurity.
(4) 36% of CIOs see the shortage of skilled workers as their key cybersecurity challenge.
(5) 34% of CSOs believe that convergence of digital and physical systems, enabled by IoT, has increased the cyber risks that their organizations face.
(6) 27% of executives say new technologies are their largest cybersecurity worry. In two years, the percentage will grow to 37% of executives
The good news? Organizations that take a risk -based approach to cyber security performed better across many metrics including the fact that they experienced less breaches.