Hiscox: Global Firms Still Struggling to Get Cyber-Ready
WWT's Nick Hammond argues that a new report from Hiscox should be a reminder for global firms of the difficulty of getting security right.
Posted by Infosecurity on February 6, 2018
Nearly three-quarters of global firms fell short of adequate cyber-readiness, despite the majority ranking online threats as the number one risk to their business, according to Hiscox.
The insurer’s Cyber Readiness Report 2018 used interviews with a representative sample of 4000 organizations in the US, UK, Germany, Spain and the Netherlands to assess their cybersecurity strategy and the quality of its execution.
The annual report found that only 11% scored highly enough in both areas to be ranked as cybersecurity “experts,” while 16% achieved expert status in either strategy or execution, but not both.
Yet the cyber-threat is well understood: two-thirds of respondents claimed it’s their top business risk, alongside fraud.
Perhaps unsurprisingly, large firms and those that spend more on security were judged to be the best prepared.
Some 21% of large companies ranked as cyber experts, versus only 7% of small firms. Cyber experts also spend twice as much on IT as those that failed the test ($19.8m versus $9.9m) and devote a higher proportion of that budget to cybersecurity (12.6% versus 9.9%).
Nick Hammond, lead advisor for financial services at World Wide Technology, argued that the report should be a reminder to those in the financial sector of the difficulty of getting security right.
“This kind of protection is all the more necessary this year, in the wake of new regulations such as MiFID II, PSD2 and GDPR. Unlike older rules that only required yearly tick-box compliance exercises, these new regulations require continued assurance of critical applications,” he added.
“But with the complexity of existing IT systems, which have been built with different and sometimes opposing metrics over the years, this is easier said than done. This web of opaque interdependencies is creating problems for cyber security. Without a clear view of how the system is plumbed together, there can be knock-on effects downstream when one application is prevented from sharing data with another system or user.”