Companies see the largest cybersecurity risk in entering international markets and the introduction of new technologies, according to a joint study by HFS Research and EY, involving 300 leading experts.
However, neglecting the defense of tried and tested business solutions might make even their base activities vulnerable.
The majority of 63% of decision-makers say that they handle data security as a priority. According to the respondents, data leaks and an involuntary pause in services pose the most severe threats to their companyʼs reputation. Six out of 10 experts have either endured a breach in the system or expect such an incident to occur in the next one-and-a-half years.
Some 73% of those surveyed say that protecting data is either critical or very important due to geographical expansion, while 66% say that the key reason behind its importance is new products and services.
At the same time, firms care less about the security shortcomings of technologies already in use. The research notes that businesses tend to focus on new developments, and hence direct a larger portion of their budget to related security services. Additionally, while dangers related to new tech is relatively well-known, the risks of obsolete solutions only surface after incidents occur.
"Threats always reach their goal through the weakest resistance," explains Mihály Zala, head of cybersecurity services at EY Hungary.
"The most up-to-date technologies are designed with minimalizing risks in mind, while the vulnerability of [...] legacy systems may endanger the entire company."
The expert also notes that those just setting out on the path towards digitalization must pay attention to IT security from the beginning, rather than taking care of it later, in the wake of an attack or a new regulation. Building a defense system would be more expensive in this case compared with integrated development starting in the planning phase.
EY says that businesses need to take concrete steps, as both the governmentʼs regulatory bodies and clients are starting to care more about data and information security.
The research argues that it may be worthwhile for companies to involve external experts in the process of building a security-focused corporate culture and to establish the background for getting rid of vulnerable points.