Many global organizations still lack confidence in their ability to detect sophisticated cyber attacks: EY survey
- Published: Wednesday, 11 November 2015 09:18
More than one-third (36 percent) of global organizations still lack confidence in their ability to detect sophisticated cyber attacks, according to EY's annual Global Information Security Survey 2015, Creating trust in the digital world.
The survey of 1,755 organizations from 67 countries examines some of the most important cybersecurity issues facing businesses today and finds that 88 percent do not believe their information security structure fully meets their organization's needs. When it comes to IT security budgets, 69 percent say that their budgets should be increased by up to 50 percent to align their organization's need for protection with its management's tolerance for risk.
Criminal syndicates (59 percent), hacktivists (54 percent) and state-sponsored groups (35 percent) retained their top rankings as the most likely sources of cyber attacks. However, compared with last year's survey, respondents rated these sources as more likely: up from 53 percent, 46 percent, and 27 percent, respectively, in 2014.
Vulnerabilities and threats: a shift in perceptions
The survey found that companies currently feel less vulnerable to attacks arising from unaware employees (44 percent) and outdated systems (34 percent); down from 57 percent and 52 percent, respectively, in the 2014 Global Information Security Survey (GISS). However, they feel more threatened today by phishing and malware. Forty-four percent of respondents (compared with 39 percent in 2014) ranked phishing as their top threat; 43 percent consider malware as their biggest threat versus 34 percent in 2014.
The survey also found that organizations are falling short in preventing cyber attacks:
- 54 percent say they lack a dedicated function that focuses on emerging technology and its impact;
- 47 percent do not have a security operations center;
- 36 percent do not have a threat intelligence program, while 18 percent do not have an identity and access management program.
More than half (57 percent) said that the contribution and value that the information security function provides to their organization is compromised by the lack of skilled talent available, compared with 53 percent of respondents in the 2014 survey, indicating that the situation is deteriorating, rather than improving.
Some examples of the industries surveyed:
EY's Global Information Security Survey 2015 – Sector highlights
of cyber attacks
Top priorities for
Companies not changing security budget over next 12 months
Criminal syndicates: 52%
External contractors: 43%
Business continuity/disaster recovery resilience: 59%
Data leakage/data loss prevention: 50%
Incident response capabilities: 40%
Banking and capital markets
Cyber attacks to steal financial information: 21%
Data leakage/data loss prevention: 67%
Business continuity/disaster recovery: 56%
Identity and access management: 56%
Power and utilities
Outdated security information, careless or unaware employees, malware: 20% each
Business continuity/disaster protection: 52%
Data leakage/data loss prevention: 44%
Security operations, such as anti-virus, patching, encryption: 43%