Survey Shows Execs May Not Be As Ready As They Think on Cybersecurity

A recent survey by FICO shows that while enterprise executives are much more aware of cybersecurity threats today, they may not be entirely realistic about their preparedness to tackle them.

The survey results, presented during a panel discussion at the analytics firm’s FICOWorld 2018 conference in Miami Beach this week, showed that almost 80% of respondents are believed their cybersecurity efforts were better than average, with over half believing they’ll be better again in 12 months.

See also: Unsecured devices could lead to a “catastrophic” IoT hacking

But while organizations seem to think they’re ready, those same respondents said they didn’t necessarily know how that improvement in readiness would happen beyond hoping: a third of all respondents said they have no assessment process in place to determine where they could improve.

Julie May, FICO’s VP of cybersecurity solutions, said there’s a new term of art, cyber resilience, being used in some corner offices to describe their firm’s readiness against these threats.

“But if a third don’t know how to assess (their progress), they’re certainly in no position to be resilient in how to manage it,” she said.

The 20-question survey was answered by 500 executives across nine different geographies around the world.

See also: Cybersecurity for the smart grid is a must

One issue causing this disconnect could be that the nature of threats change so quickly that looking in the rearview mirror makes you look vigilant but may be blinding execs to what tomorrow’s threats will be.

“They may see that ransomware attacks are down,” said Maxine Holt, research director at research firm Ovum, who partnered with FICO on the survey. “But what they’re not thinking about is that cryptojacking went through the roof.”

Cryptojacking is the takeover of a firm’s computing capacity to mine cryptocurrencies without the knowledge of the network operator.

There’s a bit of a “shiny object syndrome” going on, said Lou Cirillo of consulting firm Innovus, with executives asking themselves what they need to buy or build next to tackle the threats.

Threats are still seen escalating

Whatever their perceived readiness, the overwhelming number of respondents believe the threat level will continue to rise and they’ll need to spend more to secure their networks and assets. 98% of respondents said there will be more attacks, and 60% said they’d be dedicating more budget to cybersecurity.

On that latter spending stat, that was up from 48% just a year earlier.

And while over two-thirds of respondents say they have invested in cyber-risk insurance in the past year, the majority were unsatisfied in some fashion that the premiums were not merited for their perceived risk level.

But insurance companies’ risk management policies may not as a big an issue as the internal prioritization that may be happening in the enterprise c-suite. While 90% of senior executives polled said they have a significant focus on cybersecurity, only 25% said they have appointed a board member with the responsibility for cybersecurity oversight.