EY: Cybercrime approach is far from mature

It is not a matter if but when an organization will become the target of a cybercrime attack. Even though organizations are increasingly aware of the risks and impact involved with cybercrime while boosting their investment in combatting e-crime, they still have a long way to go. This is concluded by accountants and consulting firm EY in the research report ‘Under Cyber Attack’, based on input of over 2.000 executives from 68 countries.

Companies are increasingly being impacted by cyber issues. 59% of organizations cite an increase in external threats. One-third (31%) of executives confirm that the number of security incidents – threats that have substantially impacted a firm – has increased over the previous 12 months. Apart from the external threats, strikingly enough reckless behavior by employees is seen as one of the most important causes.

In reaction to the increased threat, companies have over the past year boosted their defense. Nearly half (43%) of organizations indicate that information security budgets are on the rise. At the same time, the focus of existing investments is increasingly directed towards security improvement, instead of other IT or online initiatives. In addition, organizations are increasingly aligning their information security strategy with the organization’s business strategy (46%) and more than half align it with their IT strategy.

Despite the improvements in battling cybercrime, executives acknowledge that there still is a long way to go. 65% of the respondents point out the budget is not enough to cope with the ever increasing cyber risks. Exactly half of the managers feel that a lack of skilled and capable resources blocks accurate value creation in the area of cyber security.