Many IT security executives highly overrate their abilities – exposing their employers to additional risk.
Accenture surveyed 2000 security experts at companies with a turnover of more than 1 billion dollars for a study titled Building Confidence: Facing the Cybersecurity Conundrum (PDF). Three quarters of them were confident that they could stop any intruders from accessing their systems. At the same time, half of them admitted that the trickiest attacks could go undetected for months. And that’s if they are discovered at all – the respondents also believed that a third of those successful breaches are actually never noticed.
The Anglo-American world fares particularly badly in this regard, with 30 percent of US-based organizations and 26 percent of those in the UK recognizing a successful attack on their systems only after a year or more has passed. This could be excused by the fact that the majority of attacks take place in the English language. But of all people it is the British who, according to a report published by IT-sector news service “The Register”, particularly often tend to believe that they can secure their systems against all comers by monitoring them closely – only we Germans have more self-confidence (or hubris) when it comes to detecting attacks.
Managers from the largest companies in 15 countries seemed to sincerely believe that they had “completely embedded cybersecurity into their cultures” according to the Accenture study. But the fact is that the average company is subject to 106 targeted attacks every year. If only a third of these attacks are successful, then businesses have their defenses breached two or three times per month.
Regardless of this, 54 percent of decision-makers would invest additional budget to do “more of the same things they’re doing now”. A mere 17 percent would rather spend the money on cybersecurity training and just 28 percent would invest in curbing financial losses.
And by the way, the French are not only willing to spend more than average on their food products, but also on IT security: 9.4 percent of their total IT budget is allocated to security. The global average stands at 8.2 percent, followed closely by the US with exactly 8 percent. The Australians lay out even less for their IT security, with expenditure amounting to 7.2 percent of the whole IT budget. Incidentally, it is the French, American and Australian enterprises which have the least confidence in their monitoring capabilities.
You can get real, not just perceived, security for your inboxes with Retarus E-Mail Security (soon to include our brand new “Patient Zero Detection®”). Our data centers around the world from which we provide the Retarus Cloud Services moreover fulfill the most stringent requirements for data protection and data security. You can find out more details directly from your local Retarus contact person.