Survey: Lack Of Preparedness By IT Execs Prevalent
New SolarWinds MSP security survey highlights overconfidence, lack of preparedness by IT execs to combat ransomware and other cyber attacks.
SolarWinds MSP has published survey findings outlining the preparedness of UK and U.S. businesses in dealing with cybersecurity breaches. The report reveals that businesses are gravely optimistic about their ability to deter and cope with malicious attacks, despite the majority experiencing a breach over the last year and nearly one-fourth experiencing more than 10.
The potent combination of this lack of preparedness, the frequency of breaches, and the potential commercial impact of each one [$76k/59k GBP for small to medium sized businesses (SMBs) and $939k/724k GBP for enterprises]1, heightens the risk of an “extinction event” i.e., a massive business failure correlating to the breach.
Commenting on the survey, John Pagliuca, SolarWinds MSP general manager, said, “Our findings underscore the problems that contributed to the ‘WannaCry’ ransomware’s ability to cause so much damage around the globe. These results beg the question, ‘How can IT leaders feel so prepared yet still be exposed?’ One of the main reasons is that people are confusing IT security with cybersecurity. The former is what companies are talking about when they think about readiness. However, what they often don’t realize is that cybersecurity protection requires a multi-pronged, layered approach to security that involves prevention, protection, detection, remediation, and the ability to restore data and systems quickly and efficiently. The overconfidence and failure to deploy adequate cybersecurity technologies and techniques at each layer of a company’s cybersecurity strategy could be fatal.”
The research, looking into 400 SMBs and enterprises in the UK and U.S. and conducted by Sapio Research, reveals that 87% of IT executives questioned are confident in their security technology and processes’ resilience, and that 59% believe they are less vulnerable than they were 12 months ago. Given another 61% of businesses are anticipating a substantial boost to their cybersecurity budgets, they are confident this position will improve.
However, 71% of the same respondents said they have experienced a breach in the last 12 months.
These breaches are significant and shouldn’t be discounted. Of the businesses that have been breached and could identify an immediately traceable impact, 77% revealed that they had suffered a tangible loss, such as monetary impact, operational downtime, legal actions, or the loss of a customer or partner.
SolarWinds MSP also investigated why this overconfidence is occurring and identified seven basic faults:
- Inconsistency in enforcing security policies
- Negligence in the approach to user security awareness training
- Shortsightedness in the application of cybersecurity technologies
- Complacency around vulnerability reporting
- Inflexibility in adapting processes and approach after a breach
- Stagnation in the application of key prevention techniques
- Lethargy around detection and response
The full report from SolarWinds MSP, entitled “2017 Survey Results: Cybersecurity: Can Overconfidence Lead to an Extinction Event? A SolarWinds MSP Report on Cybersecurity Readiness for U.K. and U.S. Businesses” is available here for download.
About SolarWinds MSP
SolarWinds MSP empowers MSPs of every size and scale worldwide to create highly efficient and profitable businesses that drive a measurable competitive advantage. Integrated solutions including automation, security, and network and service management — both on-premises and in the cloud, backed by actionable data insights, help MSPs get the job done easier and faster. SolarWinds MSP helps MSPs focus on what matters most — meeting their SLAs and creating a profitable business.
Methodology and Sample
In early 2017, SolarWinds MSP investigated the cybersecurity preparedness, experiences and failings of 400 SMBs and enterprises, split equally across the U.S. and the U.K. SMBs were categorized as having fewer than 250 employees.
1. The cost per stolen record data was taken from IBM/Ponemon’s “2016 Cost of Data Breach Study: Global Analysis”