In spite of the headline-making hacks of Sony, Anthem, and many other organizations, many business executives still haven’t prioritized cybersecurity as a top concern. A 2015 NTT Com Security survey showed that half of its participants were not prepared for a cyber attack. Yet hacks are becoming more frequent, and hackers are taking more creative approaches and finding more opportunities to strike. Executives that neglect cybersecurity place their companies at greater risk of a data breach.
The survey, which interviewed 1,000 business executives, revealed some alarming findings. First, only 54% viewed information security as "vital" to their business, and 56% of the participants could not guarantee full protection of their sensitive data. And 34% admitted they spend more money on marketing than on cybersecurity. These statistics show the lamentable reality that today's businesses are ill-equipped for defense against digital threats.
Executives regrettably have a sense of fatalism about hacks: 25% of the interviewees believed their company would suffer a data hack in the future. But these executives may not be aware that current cybersecurity technology provides powerful security against hackers and insider threats. With solutions such as network security monitoring and SIEM, companies will no longer be vulnerable to cyber attacks.
Since executives are busy with other responsibilities to attend to, it's easy for them to neglect cybersecurity, especially given the difficulties of understanding the subject matter. Top management may prefer dealing with data breaches after they happen rather than take a preventative approach because it seems simpler to do. Yet a reactive posture means that the damage is already done.
Failing to prioritize cybersecurity is almost certain to lead to expensive and embarrassing consequences. The average cost of resolving a cyber incident, according to a 2015 Ponemon Institute survey, was $15 million—a far more substantial price to pay than taking proactive measures to prevent such risks.
Of course, appearing in the media as a hack victim can also have negative repercussions for businesses. Customers lose trust in companies that show they can't protect sensitive data like credit card information, and will likely take their business elsewhere or worse, choose to take legal action.
Traditionally, executives hired IT staff to handle cybersecurity matters, but it's a complex issue that an in-house team may not be able to take care of on their own. An affordable option—particularly ideal for SMEs—is to supplement in-house teams with an outsourced managed security service.
Instead of hiring additional expensive personnel, businesses can engage with qualified external experts to provide 24/7 network security monitoring year-round. Along with vulnerability management and remediation guidance, network security monitoring is a core function of SOCVue, EiQ's managed security service. With SOCVue, businesses can stop procrastinating on cybersecurity and avoid costly breaches in the future.