Many Chief Executive Officers (CEOs) and Chief Information Security Officers (CISOs) don’t believe their organizations are prepared for the cybersecurity landscape of today, new research has claimed.
Analyzing cybersecurity strategies and results of 1,200 large organizations in 16 countries, ThoughtLab’s latest report found almost a third (29%) of CEOs, and two in every five (40%) CISOs, are worried about what’s coming.
The reasons for worry are plenty: from the rising complexity of supply chains, to the speed at which digital innovation is happening, to tight cybersecurity budgets, lack of understanding from other executives, emerging technologies, the convergence of digital and physical environments, to talent shortages and ineffective training.
Rising threats of ransomware
At 35%, critical infrastructure has the highest percentage of unprepared organizations, followed by healthcare, the public sector, telecoms, and aerospace and defense.
The survey’s respondents expect rising numbers of social engineering attacks and ransomware attacks against their endpoints in the next 24 months, saying nation-states and cybercriminals will become even more active than they are today.
They expect attackers to mostly target software misconfiguration (49%) and employees (40%), but also to look for gaps due to poor maintenance and unknown assets.
ThoughtLab has also analyzed some of the best-performing companies when it comes to cybersecurity, and outlined some of their best practices. With that in mind, the report suggests organizations take cybersecurity maturity to the highest level; ensure adequate cybersecurity budgets (businesses reporting no material breaches last year spent an average of 12.8% of their IT budgets on cybersecurity, or $4.7 million); build a rigorous risk-based approach; make cybersecurity people-centric; harness intelligent automation; improve security controls; and do more to measure performance.