Why Cyber-Security Strategies Are Falling Short

By Tony Kontzer | Posted 2017-01-17

1 of

Why Cyber-Security Strategies Are Falling Short

Though a new wave of security technologies is providing unprecedented insight, companies are falling short on investments and plans for recovering from a breach.
Not Good Enough

50% of the IT and IT security executives surveyed said they can detect cyber-attacks thanks in large part to investments in threat intelligence, but 86% said their cyber-security function does not fully meet their organization's needs.
User Malfunction

73% of the survey respondents are concerned about poor user awareness and behavior around mobile devices.
Formal Programs MIA

64% said their company still does not have a formal cyber-threat intelligence program.
Failure to Communicate

42% said their organization does not have an agreed-upon communications strategy in place to use in the event of a significant attack.
Out of Date

48% of respondents cited outdated information security controls or architecture as their organization's greatest vulnerability.
A Lack of Confidence

87% of board members and C-level executives lack confidence in their organization's level of cyber-security.
Undermining Investments

57% of the respondents rate business continuity and disaster recovery as a high priority, but only 39% said their organization is planning to invest more on BC/DR in the coming year.
Who Cares?

Risks associated with careless or unaware employees are the top cyber-security concern, cited by 55% of respondents, followed closely by unauthorized access to data (54%).
Feeling Vulnerable

55% of respondents said their organization either does not have any vulnerability identification capabilities or has only informal capabilities.
Who's Monitoring?

44% of respondents said their organization does not have a security operations center to continuously monitor for cyber-attacks.
View All Slideshows >

While organizations around the world are more confident than ever that they can predict and detect cyber-attacks, they're still falling short on investments and plans geared toward recovering from a breach. Such is the double-edged finding of EY's 19th annual Global Information Security Survey, "Path to Cyber-Resilience: Sense, Resist, React." EY surveyed 1,735 IT and IT security executives from organizations around the world to uncover the most compelling cyber-security issues facing business today, and what it discovered was a marketplace still struggling to keep up with a fast-evolving threat landscape. "Organizations have come a long way in preparing for a cyber-breach, but as fast as they improve, cyber-attackers come up with new tricks. Organizations therefore need to sharpen their senses and upgrade their resistance to attacks," said Paul van Kessel, EY's global advisory cyber-security leader. "In the event of an attack they need to have a plan and be prepared to repair the damage quickly and get the organization back on its feet. If not, they put their customers, employees, vendors and ultimately their own future at risk." The message is clear: It's not enough to have great tools and intelligence; companies have to get more strategic about how they track and respond to threats.

Tony Kontzer, a Baseline contributor, has been writing about the intersection of technology and business for more than 20 years.