The vast majority (89 per cent) of organisations are confident in their cyber security capabilities, feeling that they are in a good position to protect themselves from attack. However, four in ten businesses are not taking critical steps to lock down sensitive information, putting them at risk from data loss, data theft and the next ransomware attack.
This is according to a new report – ‘After Equifax and WannaCry: Security Practices and Expectations’ – by security software firm Varonis. The survey, which polled 500 IT decision makers in the UK, Germany, France and the US, “highlights an alarming disconnect between security expectations and reality”, according to Varonis.
Among the findings was the fact that nearly half of respondents (45 per cent) believe their organisation will face a major, disruptive attack in the next 12 months. Data theft and loss were named as the top concerns for businesses looking ahead to 2018.
The report also found that 25 per cent of respondents said their business had been hit by ransomware in the past two years, while 26 per cent said their company had experienced the loss or theft of company data over the same period.
Some eight in ten respondents reported being confident that hackers are not currently on their network, while 85 per cent have changed or plan to change their security policies and procedures in the wake of widespread cyberattacks like WannaCry.
John Carlin, former assistant attorney general for the US Department of Justice’s National Security Division and currently chair of Morrison & Foerster’s global risk & crisis management practice, said: “It is encouraging that IT professionals are understanding that it’s a matter of when, not if, their organisation will be hit with a damaging cyber attack. However, their level of confidence when it comes to security is inconsistent with what we see in practice.
“The reality is that businesses are consistently failing to restrict access to sensitive information and are regularly experiencing issues such as data loss, data theft and extortion in the form of ransomware.”