Firms not spending enough on info security - EY survey

The digital transformation has escalated cyber threats further, yet companies are doing nowhere near enough to tackle the risks, concludes EYʼs Global Information Security Survey, conducted with the participation of 1,400 company leaders, IT managers and information security experts from 60 countries.

The survey says that although an increasing number of companies realize the scale of data protection threats, they usually fail to spend enough on enhancing their cybersecurity. However, with the digital transformation of companies already in progress, decision-makers are tending to spend more money on emerging technological solutions than last year.

Between January 2017 and this March, about two billion pieces of personal and sensitive data found their way to unauthorized people.

"Recognizing the importance of cybersecurity is not enough; companies have to act as soon as possible to be able to protect both their own and their clientsʼ data," says Mihály Zala, head of EY Hungaryʼs cybersecurity branch. "Within the framework of a large-scale, directed attack, 550 million phishing e-mails were sent this year, while 1,464 clerks in an Australian province use ʼPassword123ʼ as their password. This situation has to be changed, since client data should not be more important for criminals than for the organizations handling them."

Some 92% of those surveyed are worried about the information security of key activities, but 32% spend only an insignificant amount of money on this area. While most are planning to spend more on cybersecurity next year, spending is expected to stay under the appropriate budget, EYʼs survey found.

More than half of companies are trying to handle information security without a comprehensive strategy. While these firms are optimizing their own processes with technologies such as AI, robotized process automation and analysis, nearly 80% are still struggling to transcend basic-level cybersecurity.

The three most valuable data types are client information, financial information, and company strategy plans. Respondents regard phishing, malware, and cyber attacks that cause shutdowns as the worst threats. The most likely sources of such threats are careless or malevolent employees, or criminal organizations, those surveyed say.

"Companies have to make advances in three fields in order to efficiently protect their sensitive information, and in turn their competitiveness," adds Zala. "First, we have to identify valuable data and build the appropriate defense, then optimize cybersecurity activities, and finally complete digital transformation with planning based on IT security aspects."