Why Cyber-Security Strategies Are Falling Short

While organizations around the world are more confident than ever that they can predict and detect cyber-attacks, they're still falling short on investments and plans geared toward recovering from a breach. Such is the double-edged finding of EY's 19th annual Global Information Security Survey, "Path to Cyber-Resilience: Sense, Resist, React." EY surveyed 1,735 IT and IT security executives from organizations around the world to uncover the most compelling cyber-security issues facing business today, and what it discovered was a marketplace still struggling to keep up with a fast-evolving threat landscape. "Organizations have come a long way in preparing for a cyber-breach, but as fast as they improve, cyber-attackers come up with new tricks. Organizations therefore need to sharpen their senses and upgrade their resistance to attacks," said Paul van Kessel, EY's global advisory cyber-security leader. "In the event of an attack they need to have a plan and be prepared to repair the damage quickly and get the organization back on its feet. If not, they put their customers, employees, vendors and ultimately their own future at risk." The message is clear: It's not enough to have great tools and intelligence; companies have to get more strategic about how they track and respond to threats.