There’s a visible gap between the preventative measures IT decision makers from European organisations say their organisation takes, and the actual measures, according to a cyber security product company’s survey.
While most, 83pc agree they do take precautions to help prevent cyber-attacks, only 41pc provide security training to all employees and only a bare half, 53pc think their organisation has robust security policies in place. Most IT decision makers also express their interest in finding out who was behind an attack, if their organisation is breached, with almost 80pc agreeing they would like to know. The survey was on behalf of Kaspersky Lab among IT decision makers in six countries: Germany, UK, France, Italy, Spain, and Romania.
Half of those surveyed (51pc) would find it difficult to estimate total losses after a cyber-attack, as they realise that the impact is widespread and includes reputational loss. The highest percentages were recorded in the UK (62pc), followed by Spain (54pc). At the same time, 57pc of those asked are aware of the fact that attackers constantly improve their tools and tactics, feeling that it is easy for cyber attackers to carry out their attacks without leaving any clues as to their identity.
According to the survey, when a cyberattack occurs, 79pc would like to know who was behind the attack. However, 68pc of IT Decision Makers also feel that it is very rare cyber attackers are caught and brought to justice. Going into details, things change dramatically: although 53pc agree that their organisation has robust security policies in place, only four in ten European businesses (41pc) provide cybersecurity training for all employees, with France and the UK totalling one third: (33pc France, 34pc UK).
The number of organisations that provide cybersecurity training to their IT teams is slightly higher than those providing training to all employees: 43pc versus 41pc. However, this is not enough, as previous research showed that almost half (46pc) of cybersecurity incidents in 2017 were caused by employees – most of them working in non-IT departments.
Almost one third of European businesses resort to threat intelligence reports (30pc), which suggests the fact that more and more IT decision makers realise the importance of IT teams being able to count on high-quality threat intelligence, to prepare the best incident response, Kaspersky suggests.
Comment
David Emm, principal security researcher at Kaspersky Lab, pictured, said: “Awareness regarding cyberthreats is a very basic step for organisations, as a key foundation for staying protected from cyberthreats. Our research has found that European organisations acknowledge cyber risks, but it is concerning that only one-in-ten European organisations still do not take any effective preventative measures against cyberattacks, possibly hoping that ‘maybe it won’t happen to us.
“However, it has been proven time and time again, preventative measures and proper defence are far more affordable than the impact of a disastrous attack that can even mean the end of a business. Although when a cyberattack occurs businesses would like to know who’s behind it. Unfortunately attribution is fraught with difficulties, so it’s therefore much more productive to invest in measures to reduce the risk of attack and mitigate any attack that does occur.”
