Surprisingly, larger companies tend to have larger gaps at this point than smaller ones (58% versus 54%). However, cybersecurity budgets are increasing, according to the findings of the Global Information Security Survey 2018-19 (GISS) Is cybersecurity about more than protection?, from EY
The results of the analysis, which surveyed more than 1,400 decision makers and risk managers, point out that a large part of organizations (77%) currently work with basic cybersecurity protections and seek to optimize their capabilities using advanced technologies such as artificial intelligence, process automation robotic and analytical, among others.
"These organizations continue to work on the core concepts of cybersecurity, but are also rethinking their cybersecurity architecture and network to support the business more efficiently," the report said in the report.
The study reveals, however, that only 8% of respondents indicate that information security features respond assertively to their needs. In larger and smaller companies, 78% and 65% (respectively) indicate that security features are at least partially responsive to their needs.
Organizations admit that they would not be expected to improve their cybersecurity practices or increase their budget unless they are subject to some kind of violation or incident with negative consequences.
According to the results, careless employees are the most vulnerable, followed by outdated security controls (26%), unauthorized access (13%) and elements related to the use of cloud computing (10%).
Less than 10% believe they have security systems with a high level of maturity. However, many organizations (82%) do not know if they are successfully identifying security holes and incidents. Among organizations that have been hit by a major incident last year, less than a third (31%) report that the incident was discovered by its own security operations center.
"Organizations have to abandon the silo thinking approach and think of cybersecurity as a cross-cutting issue to implement security-by-design", Considers Sérgio Martins, associate partner of EY. "In this way we will be able to increase resilience to give organizations the confidence they need to take advantage of emerging opportunities and manage cyber attacks."
For more information or to download the report, visit http://ey.com/giss.