30% Of Business Leaders Would Pay Ransom

The recently released  Risk: Value Report 2019, by NTT Security, examined the attitudes of more than 2,200 non-IT decision makers to risk and value of cybersecurity to the business across 20 countries. 

The findings revealed cyber-security threats are at the top of the agenda for business leaders, with cyber-attacks (43%) on the top, followed by data loss or theft (37%), and attacks on critical infrastructure (35%). 

Respondents had stated that these cybersecurity issues could affect their organisation in the next 12 months, and thus impacting the organisation more likely than other global issues such as terrorism and government failure. 

It is evident that organisations want to address cybersecurity concerns, with respondents stating that strong information and protecting data integrity were important to 84% and 85% of businesses respectively. With 88% of respondents citing that strong cybersecurity measures would benefit their organisation. 

Amongst the findings it was identified that organisations report that their critical data is no more secure than it was last year, with 48% of all organisations stating that their critical data is secure, whist only 45% have secured all of their organisation’s data. 

Only 58% of organisations have a formal security policy, out of which, 48% stated that employees were fully aware of the policy, with just 28% who fully-understood the policies. 

The Report Conclusions
“The regulatory landscape, particularly regarding the privacy of personally identifiable information, has changed considerably in the last few years, but many businesses are not keeping pace with these changes.”

  • Only 30% of companies think GDPR affects them, with 83% of organisations feeling that compliance is important, however 13% are unaware as to what regulations their organisations are subject to. 
  • In regards to ransomware, 33% of organisations would consider paying a ransom to an attacker instead of investing in cybersecurity, as they believe it is cheaper. 

It was also identified that 36% would rather pay a ransom than get a fine for non-compliance, thus indicating a clear fear about the potential consequences of being non-compliant, but also “indicates a lack of confidence in the ability of some organizations to deal with important regulatory issues”. 

Azeem Aleem, VP Consulting, NTT Security said:

“The Risk: Value report is an interesting barometer based on responses from those sitting outside of the IT function – and is often very revealing. What’s clear is that the world around them is changing, and changing fast, with the introduction of new regulations, integration of new technologies and fast-paced digital transformation projects changing the way we work. 

“What’s concerning though is that organisations seem to have come to a standstill in their journey to cybersecurity best practice, and it’s particularly worrying to see UK businesses falling behind in some critical areas like incident response planning.

“Decision makers clearly see security as an enabler; something that can help the business and society in general. But while awareness of cyber risks is high, organisations still lack the ability, or perhaps the will, to manage them effectively. The execution of cybersecurity strategies must improve or business risk will escalate for the organisations concerned.”

PrivSec Report

You Might Also Read:

Florida Municipality Suffers Cyber Extortion:

SamSam: $6 million Ransomware:

 

« Malboard Exploit Mimics A User’s Keystrokes
Iran’s Cyber Threat to Germany »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Cristie Data

Cristie Data

Cristie have been a trusted, innovative and leading edge data storage, backup and virtualisation solutions provider across all sectors of industry for over 40 years.

Nordic IT Security

Nordic IT Security

Nordic IT Security is a cyber security business forum in Scandinavia bringing together the converging worlds of IT, Cyber and Information Security.

Conix

Conix

Conix offerings include Governance and Risk Management, Auditing and Penetration Testing, Digital Forensics, Managed Security Operations Centre (SOC).

EverC

EverC

EverC (formerly EverCompliant) is a leading provider of cyber intelligence that allows acquiring banks and payment service providers (PSP) to manage cyber risk.

e2e-assure

e2e-assure

e2e Protective Monitoring and Security Operations Centre (SOC) Service is a complete cyber defence service to protect your critical assets from cyber attacks and GDPR breaches.

Subex

Subex

Subex leverages its award-winning telecom analytics solutions in areas such as Revenue Assurance, Fraud Management, Asset Assurance and Partner Management, and IoT Security.

Riskified

Riskified

Riskified is a leading eCommerce fraud-prevention company, trusted by hundreds of global brands – from luxury fashion houses and retail chains, to gift card and ticket marketplaces.

Nuspire

Nuspire

Nuspire provide services to protect your network with best-in-class managed detection and response, allowing you to stay focused on managing your business.

OCM Business Systems

OCM Business Systems

OCM are experts in the safe, secure and responsible disposal of IT & EPoS assets.

SuperCom

SuperCom

SuperCom are a global secure solutions integrator and technology provider for governments and other consumers facing organizations around the world.

TAV Technologies

TAV Technologies

TAV Technologies is a provider of technology services to the aviation industry in areas including airport infrastructure systems, digital transformation and cybersecurity.

Information Systems Security Association (ISSA)

Information Systems Security Association (ISSA)

ISSA is the community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk and protecting critical information and infrastructure.

Seraphic Security

Seraphic Security

Seraphic Security provides attack protection to enable safe browsing for employees or contractors, as well as advanced governance controls to enforce enterprise policies across devices.

Paperclip

Paperclip

Paperclip provides paperless solutions while enabling compliance and security for the exchange of critical content.

Entro Security

Entro Security

Entro is the first holistic secrets security platform that detects, safeguards, and enriches with context your secrets across code, vaults, chats, and platforms.

SysGroup

SysGroup

SysGroup is an award-winning managed IT services, cloud hosting, and IT consultancy provider.