Businesses expect cyber attacks, yet many remain unprepared

Part 2 of ISACA’s 2017 State of Cyber Security Study reveals that 80% of organizations believe they will experience a cyber attack this year, yet many of them aren’t putting in place appropriate measures to protect themselves. The main reasons for this are insufficient budgets and an overwhelming number of attacks.

Attacks on the rise

The report reveals that 50% of respondents’ budgets will actually increase, but this figure is lower than that reported in 2016’s study (61%). This means that, while cybersecurity budgets are still increasing, they are doing so more slowly than in the past. This slowing growth is contrary to the trend of cyber attacks themselves, which are rapidly increasing both in number and sophistication.

Meanwhile, 20% of respondents said their budget will stay the same, 8% said it will decrease, and 21% said they didn’t know.

Over half (53%) of respondents said they’d faced an increased number of attacks compared to 2015. The report breaks the attacks down by vector:

  • 40% involved phishing
  • 37% involved malware
  • 29% involved social engineering

The report also highlighted the rapid growth of ransomware, with 62% of respondents saying they experienced a ransomware attack. However, only 53% of respondents indicated that their enterprises have a formal process in place to deal with such attacks.

The respondents also reported having poor cyber defenses in a number of other fields. Only 31% said they routinely tested their security controls, and 13% never test them. Additionally, 16% said they don’t have an incident response plan.

“There is a significant and concerning gap between the threats an organization faces and its readiness to address those threats in a timely or effective manner,” said ISACA’s chairman, Christos Dimitriadis. “Cybersecurity professionals face huge demands to secure organizational infrastructure, and teams need to be properly trained, resourced, and prepared.”

Protect your organization

If you’re looking to take the first steps towards helping your organization protect itself from cyber crime, you should register for IT Governance’s ISO 27001 Certified ISMS Foundation Online training course. ISO 27001 is the international standard that describes the best practice for an ISMS (information security management system), covering people, processes, and technology.

The one-day course provides real-world expertise and insights on how to benefit from ISO 27001. At the end of the course, you can sit an exam to achieve the ISO 27001 Certified ISMS Foundation (CIS F) qualification.

Find out more about our ISO 27001 Certified ISMS Foundation Online training course >>

ISO 27001 Live Online Training