Most organizations today are well aware of the potential risks associated with cyber security. But not all those risks are of equal weight. A global survey of 1,800 business decision-makers conducted by Vanson Bourne on behalf of NTT Security, a provider of managed services, published today makes it clear that damage to the reputation of the organization is of much higher concern to business executives than any potential financial loss.
The survey specifically ranks loss of consumer confidence as the biggest concern (56 percent), followed by damage to brand/reputation (52 percent). Direct ﬁnancial loss comes in at 40 percent, followed by financial penalty from an industry body or government (31 percent), and disciplinary action against employees/management (30 percent).
From a managed services provider perspective, the bad news is the survey finds that only 1 percent of respondents currently rely on a third-party managed security services provider. The good news is that well over a third (37 percent) said they soon will. Of those, one in five (18 percent) cite a lack of cybersecurity skills as the main reason for making that change.
Lingering security denial
Clearly, business executives are starting to connect the dots between the seriousness of the cybersecurity threat and the lack of internal skills available to combat it. At the same time, however, the survey shows that not every business executive is fully committed to cyber security. The survey finds that one in three respondents said they would opt to pay the ransom in the event of a breach rather than invest in additional IT security. Another 16 percent said they were unsure what they would do.
New @vansonbourne survey: 1 in 3 business execs said they’d pay ransom rather than invest in additional #ITsecurity @SmarterMSP
The NTT Security survey also delves into the cost of recovering from a security breach, which on average is estimated by the survey to $1.5 million. The survey, however, also notes that 24 percent of the respondents were not even able to provide an estimate for those costs. On average, respondents anticipated it would take them 57 days to recover from a security breach.
Perhaps more concerning is that fact that nearly half the respondents (47 percent) said they had not been affected by data breaches. A third (33 percent) said they don’t expect to be impacted by a security breach, and 14 percent said they are assuming they will be. A total of 41 percent said they had been impacted.
Proceed with caution
The survey also notes that operations spent more of its budget on information security this year (18 percent) than IT departments did (14 percent), which suggests that the way cybersecurity budgets are allocated is changing substantially. Yet, a large percentage of respondents (43 percent) still view security as the IT department’s problem.
MSPs should be heartened by the number of business executives that plan to rely on external service providers to improve cybersecurity. But, MSPs should also proceed with care when contracting with any potential customer. The NTT Security survey makes it clear there are lots of customers who might be more trouble than they are worth given their overall attitude on cyber security. The trick is to make the customer essentially audition to become a customer without knowing it. Otherwise, when it ends badly, it’s the MSP’s fault for not truly appreciating the real nature of the risk being assumed.