Do companies take cybersecurity seriously enough?

The hard truth that companies must face is that there is no way that cybersecurity risk can be fully eliminated. On the other hand, there are steps that organizations can take to prevent many attacks or mitigate the consequences if any such attack occurs. A recent survey by Microsoft and Marsh provides some valuable insights into how businesses perceive some of these challenges.

While 79% of respondents of the study, called 2019 Global Cyber Risk Perception Survey, have made cybersecurity their top-tier priority, they are quite unsure as to how best to address the issue. In addition, the study – which canvassed views from 1,500 business leaders across the globe – shows that almost a quarter of the companies asked had “no confidence” in responding to and recovering from cyberattacks.

The general decline in confidence from the 2017 edition of the same survey affects other key areas of cyber-resilience, such as preventing cyberthreats or even assessing and understanding them. Companies that aim to keep up with the ever-evolving world also need to adopt new technologies. That said, they often lack confidence in their ability to secure these technologies, which can handicap them in such endeavors.

A total of 74 % of organizations evaluate risks in some way prior to adopting new technology, while 54% assess them after adopting it. While that might sound reassuring to a certain extent, the reality is a bit different, as only 36 % of the organizations asked evaluate the risks both before and after the adoption of new technologies. A mere 5% evaluate risks at all stages, whereas 11 % don’t evaluate them at all.

It is no surprise then that the potential risks involved may dissuade some organizations from adopting emerging technologies, the reason being that the risks outweigh the potential benefits. According to the survey, that happens in 23% of the cases.

Then there is the issue of trust between companies and third-party providers. Certain levels of trust among these parties are indeed standard, with 32% of the survey's participants claiming to trust the vendors to take the necessary steps to secure their products. On the other hand, 40% of the respondents are proponents of the trust-but-verify approach where they do not accept the security claims of the providers. Instead, they always take the necessary precautions and conduct their own due diligence.

Even though more and more companies are starting to approach cybersecurity as a top-tier issue, there is still a great disparity between how cybersecurity is perceived and how it is approached in practice. The numbers mentioned above provide a narrative where a large percentage of companies are not sure about how to deal with cybersecurity, and we can go as far as saying that many of them underestimate it. By extension, it can be safely assumed that many organizations across the world have yet to ensure they’re well-equipped to counter the growing cybersecurity threats.