Companies lack solutions, resources to tackle growing cybersecurity threats

The second Hiscox annual Cyber Readiness Report finds most organizations lack the right mix of strategy and execution to tackle rising threats to cybersecurity, and the Internet of Things (IoT) is a growing part of the problem.

04/05/2018


Image courtesy: Ilya Pavlov/Unsplash

The second Hiscox annual Cyber Readiness Report has just been published, and it presents an exhaustive study of responses to the cybersecurity challenge. Forrester Consulting spoke to more than 4,100 executives in the public and private sector from the U.S. and Europe for the report. The results were striking.

The report reveals just under half of respondents (45%) have suffered a cyber breach in the past year—in 42% of cases due to an external hack. Of the organizations targeted, more than two-thirds (67%) suffered two or more attacks, while 21% suffered four or more. A small number were hit more than ten times last year.

Novice or expert?

So how ready were they to fend off the attackers? Forrester measured organizations' strategies (their oversight and resourcing) against their ability to execute (their processes and technology). From these findings, analysts sorted respondents into three categories: novices, intermediates, and experts.

The bad news is nearly three-quarters of organizations (73%) fall into the novice category, with just 11% qualifying as experts, says the report.

This is despite most respondents understanding the scale of the threat, explained Forrester. "While many firms lack adequate defenses, most are aware of the potential impact of a cyber attack. Two-thirds of respondents (66%) rank the cyber threat alongside fraud as the top risks to their business."

So what sets an expert apart from a novice? Experts combine awareness of the business threats with strategy, professionalism, and proactive engagement, said the report.

"Cyber experts get support from the top and engage a broader range of stakeholders when setting their organization's cybersecurity strategy. Experts are more than twice as likely to agree 'there is formal support for cybersecurity from business leaders and executives on an ongoing basis' (86%, versus 38% for cyber novices). In addition, more than two-thirds (68%) of cyber experts involve the board and executive management in setting strategy."

The internet of risks

A key challenge, according to the report, is that the Internet of Things (IoT) is emerging as a new cybersecurity risk.

Securing the IoT within the organization was cited by 46% of respondents as a goal for 2018—above investing in malware detection (45%), and improving incident response capabilities, ensuring third-party compliance, and reviewing internal security procedures (all on 44%).

"2018 promises to be the year when mandatory reporting of cyber breaches raises awareness and risk to reputations further, as the EU General Data Protection Regulations (GDPR) come into force," said Hiscox adviser Robert Hannigan, the former Government Communications Headquarters (GCHQ) director who set up the UK's National Cyber Security Centre.

"The rapid growth of the Internet of Things will amplify insecurities by adding millions of new devices with minimal built-in security. For those trying to protect against attack, the shortage of cyber skills will continue to be chronic."

The survey highlights a widening gulf between those who "get" cybersecurity and take it seriously, and those who regard it as someone else's problem, he added. "Cybersecurity is not an IT issue, but rather a risk for the whole organization; tackling it is more about people, behavior, and culture than clever technology."

Gareth Wharton, cyber CEO at Hiscox, was not impressed with the report's findings. "As an end of term report, it might have the words 'can do better' scrawled on it in red ink," he said. "It highlights the cyber readiness shortcomings of the majority of organizations in our sample, particularly the smaller ones."

Size, along with budget, is part of the problem, suggests the report. "The larger organizations in the sample are better prepared: more than one in five (21%) of those with 250 employees or more rank as experts. A further 17% qualify as intermediates. [By contrast] just seven percent of smaller firms rank as experts." "Cyber experts had bigger IT budgets than the novices ($19.8 million on average, versus $9.9 million) and devoted a higher proportion to cybersecurity (12.6% versus 9.9%)."

Nearly three out of five respondents (59%) plan to increase their cybersecurity budgets this year, explains the report. However, it warns: "Spending on technology is often the easy part. To be effective, you have to move on all fronts together. That means people, processes and technology. Simply spending on technology is not enough without a fully structured, rigorous set of processes, combined with people who are fully aware of the issues."

Chris Middleton is the editor of Internet of Business (IoB), a CFE Media content partner. This article originally appeared here. Edited by Chris Vavra, production editor, CFE Media, cvavra@cfemedia.com.
