Adopting to new working practices, as a result of the COVID-19 pandemic, has businesses exposed to more and increasingly sophisticated cyber attacks and brought underfunded cyber defenses into the spotlight, according to the EY Global Information Security Survey 2021 (GISS).
- 56% of respondents say that businesses have sidestepped cyber processes to facilitate requirements around remote working
- 77% of respondents warn of an increase in the number of disruptive attacks
- 39% warn their organization’s budget is not adequate to manage new challenges
This year's GISS, which surveyed more than 1,000 cybersecurity leaders at organizations worldwide, finds that more than half (56%) say that businesses have sidestepped cyber processes to facilitate new requirements around remote or flexible working. At the same time, cyber leaders say they have never been as concerned as they are now about their ability to manage the cyber threat (43%) with more than three in four (77%) warning that they have seen an increase in the number of disruptive attacks, such as ransomware, over the last 12 months (compared to 59% in previous year’s GISS).
Cybersecurity budgets are out of sync with need
Despite the growing threat of cyber attacks, cybersecurity budgets remain low relative to overall IT spend, according to this year’s GISS. While respondents’ organizations had average revenues of US$11b in the last financial year, the average spend on cybersecurity was just $5.28m.
Almost four in ten respondents (39%) warn that their organization’s budget is below what is required to manage the new challenges that have arisen in the last 12 months. The same percentage say that cybersecurity expenses are not factored adequately into the cost of strategic investments, such as an IT supply chain transformation. At the same time, more than one-third (36%) say it is only a matter of time until their organizations suffer a major breach that could have been avoided had there been more appropriate investment in cybersecurity defenses.
Building relationships with the C-suite can turn crisis into an opportunity
The essential relationships between cybersecurity leaders and other functions in the business, lack positivity and strength, according to the 2021 GISS.
Responding cyber leaders (41%) describe their relationship with the marketing function as negative, while 28% say their relationship with business owners is poor. As a result, while 36% of respondents in 2020 were confident that cybersecurity teams were being consulted at the planning stage of new business initiatives, this figure has fallen to 19% in 2021. Just 25% think senior business leaders would describe their organization’s cybersecurity function as commercially minded.
Sakis Moyseos, Associate Partner, Head of Business Consulting and Government Sector Leader of EY Cyprus, said: “Cybersecurity was a rising concern even before the pandemic. The need to rapidly transform to the new environment created by COVID-19 meant that security was, inevitably, often overlooked, leading to more frequent attacks, as reported in our survey. As businesses look to maintain some of the working practices adopted during the pandemic in the post-COVID-19 era, it is imperative that these cyber gaps be addressed. CISOs must ensure that CEOs and the rest of the C-suite have the right understanding of the threats and the need to increase investment in cybersecurity in line with the new risk levels.”