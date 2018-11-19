Firms do not spend enough on info security - EY survey

Bence Gaál

Digital transformation has escalated cyber threats further, yet companies are doing nowhere enough to tackle the risks, concludes EYʼs Global Information Security Survey, made with 1,400 company leaders, IT managers, and information security experts from 60 countries.

The survey says that though an increasing number of companies realize the scale of data protection threats, they usually fail to spend enough on enhancing their cybersecurity.

However, with the digital transformation of companies already in progress, every decision-maker tends to spend more money on emerging technological solutions than last year. Between January 2017 and this March, about two billion pieces of personal and sensitive data found its way to unauthorized people.

"Recognizing the importance of cybersecurity is not enough, companies have to act as soon as possible to be able to protect both their own and their clientsʼ data," says Mihály Zala, head of EY Hungaryʼs cybersecurity branch. "Within the framework of a large-scale, directed attack, 550 million phishing emails were sent this year, while 1,464 clerks in an Australian province use ʼPassword123ʼ as their password. This situation has to be changed, since client data should not be more important for criminals, than for the organizations handling them."

Some 92% of those surveyed are worried about the information security of key activities, but 32% only spend an insignificant amount of money on this area. While most are planning to spend more on cybersecurity next year, the budgets are expected to stay under the appropriate budget, EYʼs survey finds.

More than half of companies are trying to handle information security without a comprehensive strategy. While these firms are optimizing their own processes with technologies such as AI, robotized process automation, and analysis, nearly 80% are still struggling to transcend basic-level cybersecurity.

The three most valuable data types are client and financial information, and company strategy plans. Respondents find phishing, malware, and cyber attacks causing shutdowns the worst of the threats. The most likely sources of such threats could be careless or malevolent employees, or criminal organizations, the surveyed say.

"Companies have to make advances in three fields in order to efficiently protect their sensitive information, and in turn their competitiveness," adds Zala. "First, we have to identify valuable data and build the appropriate defense, then optimize cybersecurity activities, and finally complete digital transformation with planning based on IT security aspects."