Businesses over-confident about cybersecurity, despite risks

Businesses are over-confident about cybersecurity, despite the risks [Image: HYWARDS via iStock]

Businesses are overly optimistic about their ability to deter and cope with malicious attacks, despite the majority experiencing a breach over the last year and nearly one-quarter experiencing more than ten, according to a new survey.

The SolarWinds MSP Report on Cybersecurity Readiness for UK and US Businesses found that the combination of this lack of preparation for an attack, the frequency of breaches, and the potential commercial impact of each one makes the risk of an “extinction event” – a massive business failure correlating to the breach – even more heightened.

The report revealed that the average attack can cost $76,000 or £59,000 for small to medium-sized businesses (SMB) and $939,000 or £724,000 for enterprises.

John Pagliuca, general manager of SolarWinds MSP, which sponsored the report, said: “Our findings underscore the problems that contributed to the ‘WannaCry’ ransomware’s ability to cause so much damage around the globe.”

He said that these results raise the question of how IT leaders can feel so prepared while remaining exposed.

Mr Pagliuca explained that one of the main reasons for this is because companies confuse IT security with cybersecurity. He said that the former is “what companies are talking about when they think about readiness”.

However, he added that companies often don’t realise that cybersecurity protection requires a “multi-pronged, layered approach to security that involves prevention, protection, detection, remediation, and the ability to restore data and systems quickly and efficiently”.

According to his company’s report, the overconfidence and failure of businesses to deploy adequate cybersecurity technologies and techniques at each layer of a company’s strategy could be “fatal”.

The survey questioned 400 SMBs and enterprises in the UK and US and was conducted by Sapio Research, reveals that 87 per cent of IT executives are confident in their security technology and processes’ resilience. Meanwhile, 59 per cent believe they are less vulnerable than they were 12 months ago.

A further 61 per cent of businesses are anticipating a substantial boost to their cybersecurity budgets, which has lead to them being confident that this will boost their security.