Companies know there’s a skills gap when it comes to cybersecurity — they just aren’t doing anything about it.
Surprising no one: businesses believe they can handle data breaches. Unfortunately, companies aren’t equipped to handle data breaches, no matter how much they think they can.
Sixty-eight percent of U.S. firms say they are better prepared to handle data breaches than their competitors, says solutions company FICO. But according to security company BAE Systems, there are still 1,200 businesses in the United States that aren’t even investigating cybersecurity breaches.
Where companies are failing
As companies are facing more breaches than ever before, having the right team in place is fundamental to preparing for and preventing cybersecurity threats. But many don’t have one. Only 65 percent of organizations have a cybersecurity expert on staff, according to risk management company Gartner Security.
Among FICO’s findings, 37 percent of executives at U.S. firms think they have the best cybersecurity plans in place. Even more, executives from different sectors believe their companies can handle a breach better than others.
Power and utility providers are the most confident. Eighty-six percent of these companies believe they are a top performer when it comes to protecting customer data. Financial services are the least confident. Ironically, FICO considers them to be “the most realistic” when it comes to handling cyber attacks. Only 60 percent believe they are a top performer or better than average at dealing with a data breach.
“Firms have a lot to lose when it comes to their privacy and security risk and must have an accurate picture of how protected they really are,” says FICO VP Doug Clare. “These figures point to the fact that many firms don’t know how they compare against their competitors, which could lead to an under-investment in cybersecurity protection.”
No humans? No problem
BAE Systems notes that the demand for skilled cybersecurity workers is high but the supply of people who can fill those roles is low. Fifty percent of businesses admit that a lack of qualified staffers is the leading reason why they can’t meet security goals.
Having a human in charge is by far the best option companies can choose, but they often don’t. As breaches continue to grow, companies are investing in other ways to meet security goals.
“Many [companies] are looking at bringing on new tools to optimize their security monitoring and reporting to improve security with their existing team and help their security operations run more smoothly,” BAE Systems reports. That includes adding more IT workers and cybersecurity monitoring tools.
The larger the company, the more likely they are to be happy with their current setup. For big companies of 500 or more employees, 78 percent say their current tools are fine. Meanwhile, 17 percent of bosses from mid-size companies report they aren’t happy with their setup for combating cyber attacks.
Regardless of company satisfaction, many aren’t taking the necessary steps to fix their breaches. Among the BAE Systems findings:
- 37 percent of mid-sized companies are still investigating cyber attacks manually.
- 20 percent of alerts are actually investigated.
- 1,200 companies have done nothing after a data breach.
Because companies are less than enthusiastic about combating data breaches, your information is left even more vulnerable.
Rising risk, rising budgets
Businesses are taking cyber attacks seriously, according to Gartner Security. Thirty-five percent of companies that responded to the survey said they have already invested and started to roll out some part of a digital security plan. Gartner estimates that by 2020, that figure will hit 60 percent.
“Cybersecurity is faced with a well-documented skills shortage, which is considered a top inhibitor to innovation,” says Gartner’s research director Rob McMillan. “Finding talented, driven people to handle the organization’s cybersecurity responsibilities is an endless function.”
One way to take threats seriously is to hire seriously. Gartner suggests hiring a Chief Information Security Officer, or CISO, to build, develop, implement, and innovate security teams and plans. Increasing budgets to account for new plans might help, too.
“Taking a risk-based approach is imperative to set a target level of cybersecurity readiness,” McMillan says. “Raising budgets alone doesn’t create an improved risk posture. Security investments must be prioritized by business outcomes to ensure the right amount is spent on the right things.”
This is important. Consider this: 95 percent of CISOs say they expect cybersecurity threats to increase over the next three years. If the cyber world is already like the wild west for hackers, the right people need to fill the job.
With great power comes poor data reporting
While companies are either ignoring data breaches or diligently working to up security, one thing is for certain: they know too much about you.
According to digital security company Gemalto, 65 percent of companies don’t use all the data they collect. And executives from 46 percent of companies don’t know where they store sensitive data.
The global survey found that companies handle data differently when broken down by country. Companies in India and Australia, for example, are best at using the data they collect.
“If businesses can’t analyze all of the data they collect, they can’t understand the value of it, and that means they don’t know how to apply the appropriate security controls to that data,” says Gemalto CTO Jason Hart. “Whether it’s selling it on the dark web, manipulating it for financial gain or to damage reputations, unsecured data is a goldmine for hackers.”
Companies might not be playing by the rules with your data, either. While 90 percent of consumers believe companies should comply with data regulations, 68 percent of companies admit they don’t comply with data protection laws.
Article last modified on September 10, 2018. Published by Debt.com, LLC.