30% Of Business Leaders Would Pay Ransom

The recently released Risk: Value Report 2019, by NTT Security, examined the attitudes of more than 2,200 non-IT decision makers across 20 countries to risk and the value of cybersecurity to the business.

The findings revealed that cybersecurity threats are at the top of the agenda for business leaders, with cyber-attacks (43%) at the top, followed by data loss or theft (37%) and attacks on critical infrastructure (35%).

Respondents stated that these cybersecurity issues could affect their organisation in the next 12 months, and rated them as more likely to have an impact than other global issues such as terrorism and government failure.

It is evident that organisations want to address cybersecurity concerns, with respondents stating that strong information and protecting data integrity were important to 84% and 85% of businesses respectively, and 88% of respondents citing that strong cybersecurity measures would benefit their organisation.

Amongst the findings, it was identified that organisations report that their critical data is no more secure than it was last year, with 48% of all organisations stating that their critical data is secure, whilst only 45% have secured all of their organisation’s data.

Only 58% of organisations have a formal security policy, out of which 48% stated that employees were fully aware of the policy, with just 28% who fully understood the policies.

The Report Conclusions
“The regulatory landscape, particularly regarding the privacy of personally identifiable information, has changed considerably in the last few years, but many businesses are not keeping pace with these changes.”

  • Only 30% of companies think GDPR affects them, with 83% of organisations feeling that compliance is important; however, 13% are unaware of what regulations their organisations are subject to.
  • With regard to ransomware, 33% of organisations would consider paying a ransom to an attacker instead of investing in cybersecurity, as they believe it is cheaper.

It was also identified that 36% would rather pay a ransom than get a fine for non-compliance, which indicates a clear fear about the potential consequences of being non-compliant, but also “indicates a lack of confidence in the ability of some organizations to deal with important regulatory issues”.

Azeem Aleem, VP Consulting, NTT Security said:

“The Risk: Value report is an interesting barometer based on responses from those sitting outside of the IT function – and is often very revealing. What’s clear is that the world around them is changing, and changing fast, with the introduction of new regulations, integration of new technologies and fast-paced digital transformation projects changing the way we work. 

“What’s concerning though is that organisations seem to have come to a standstill in their journey to cybersecurity best practice, and it’s particularly worrying to see UK businesses falling behind in some critical areas like incident response planning.

“Decision makers clearly see security as an enabler; something that can help the business and society in general. But while awareness of cyber risks is high, organisations still lack the ability, or perhaps the will, to manage them effectively. The execution of cybersecurity strategies must improve or business risk will escalate for the organisations concerned.”

PrivSec Report
