What does the shift in how cybersecurity is viewed by senior executives within organizations mean? To find out, Radware surveyed more than 260 executives worldwide and discovered that cybersecurity has moved well beyond the domain of the IT department and is now the direct responsibility of senior executives.
Security as a Business Driver
The protection of public and private cloud networks and digital assets is a business driver that needs to be researched and evaluated just like other crucial issues that affect the health of organizations.
Just because the topic is being elevated to the boardroom doesn’t necessarily mean that progress is being made. Executive preference for cybersecurity management skewed toward internal management (45%), especially in the AMER region (55%), slightly higher than in 2018. Yet the number of respondents who said that hackers can penetrate their networks remained static at 67% from last year’s C-suite perspectives report.
As in the past two years’ surveys, two in five executives reported relying on their security vendors to stay current and keep their security products up to date. Similar percentages also reported daily research or subscriptions to third-party research centers.
At the same time, the estimated cost of an attack jumped 53% from 3 million USD/EUR/GBP in 2018 to 4.6 million USD/EUR/GBP in 2019.
The respondents ranked improvement of information security (54%) and business efficiency (38%) as the top two business transformation goals of integrating new technologies. In last year’s survey, the same two goals earned the top two spots, but the emphasis on information security increased quite a bit this year from 38% in 2018 (business efficiency held steady from 37% in 2018).
Although the intent to enhance cybersecurity increases, actions do not necessarily follow. Often the work to deploy new technologies to streamline processes, lower operating costs, offer more customer touch points and be able to react with more agility to market changes proceeds faster than the implementation of security measures.
Every new touchpoint added to networks, both public and private, exponentially increases organizations’ exposure and vulnerabilities to cyberattacks. If organizations are truly going to benefit from advances in technology, that will require the right level of budgetary investment.
The true costs of cyberattacks and data breaches are only known if they are successful. Senior executives who spend the time now to figure out what cybersecurity infrastructure makes sense for their organizations reduce the risk of incurring those costs. The investment can also be leveraged to build market advantage if organizations let their customers and suppliers know that cybersecurity is part of their culture of doing business. Prevention, not remediation, should be the focus.
Securing digital assets can no longer be delegated solely to the IT department. Rather, security planning needs to be infused into new product and service offerings, security, development plans and new business initiatives. The C-suite must lead the way.