Cybersecurity is now a key priority for businesses in the United States. However, the risks and dangers posed by cybersecurity threats are always changing, so it can be hard for businesses to keep up. To solve this problem, IT leaders need to understand why cybersecurity is such a challenge. They need to know how cyberattacks are harming businesses and where investments in cybersecurity should be focused. It is also important for the leadership to prioritize cybersecurity and make sure it fits within the overall culture of the company. The U.S. Cybersecurity Census report by Keeper maps the changing landscape of cybersecurity and provides leaders with a better understanding of the threats their businesses face and what they need to do to overcome these threats.
This post discusses some key takeaways from the report.
Impact of cyberattacks on organizations
The average U.S. business experiences 42 cyberattacks in a year. A great majority of respondents believe that the total number of attacks will increase over the next year. 39% predict that the number of successful cyberattacks will also increase. Successful cyberattacks can cause serious damage to businesses. 31% of respondents suffered a disruption of partner/customer operations due to a cyberattack. 31% experienced theft of financial information while 18% experienced theft of money.
The financial cost of cyberattacks is also significant. Of those organizations that experienced theft of money due to cyberattacks, the average amount was more than $75,000. 37% of organizations lost at least $100,000 or more. These direct and indirect financial losses can be catastrophic, especially for small and medium-sized businesses (SMBs), employing 46.8% of all employees in the United States.
Cybersecurity investment of IT leaders
Though most U.S. IT leaders feel that their organizations are prepared to prevent cyberattacks, they have very serious weak points in their organizations’ security postures.
IT leaders need to make an urgent investment in protecting passwords and credentials. It is a minimum practice to ensure that all employees use strong, unique passwords for every account. 44% of respondents guide their employees and provide best practices governing passwords and access management. However, 30% of respondents are allowing employees to set and manage their passwords, and employees often share access to passwords. Only 26% have a highly sophisticated framework for visibility and control of identity security.
Cybersecurity can be complex to implement as it is a challenge to keep track of all the changes and know what to do to stay safe. Many organizations are planning how they can invest in the future, but they can be outmatched by new threats arising due to the existing security gaps that need to be fixed.
Cybersecurity is the top concern for the C-suite
Cyberattacks are happening more and more, and they’re getting more sophisticated. So, it’s important to invest in security measures now, before the problem gets worse.
60% of respondents report that their C-suite’s commitment to cyber protection was of significant importance. Only 3% feel cybersecurity is not important to senior leaders in their organization. 37% of respondents stated that their C-suite is making only small investments as required or planning to make investments in the future.
There are only that many cybersecurity workers in the U.S. who can fill 68% of the cybersecurity jobs that employers have open. The lack of cybersecurity skills in businesses is a big risk. 71% of businesses have hired new people in the past year for cybersecurity work, and 58% have increased training for cybersecurity during this time.
50% of respondents say they have increased how much they spend on cybersecurity software. This shows that businesses are committed to continuing to improve their security technology. Even though there might be some economic challenges in the next year, 73% of respondents expect their cybersecurity budget to increase.
Cybersecurity culture in the US
Despite cybersecurity investments and clear prioritization from the C-suite, IT leaders admit a concerning lack of transparency in cyber incident reporting within their organizations. 48% of respondents were aware of a cyberattack but kept it to themselves and didn’t report it to any relevant authority. Businesses will fail to respond to attacks if they are not reported timely which can lead to businesses becoming less secure.
79% of IT professionals are concerned about breaches from within their organization, while 47% of those respondents have suffered a breach. This indicates that more needs to be done to educate teams and ensure all follow cybersecurity best practices.
Organizations can build a robust cybersecurity culture by exploring insights from third-party sources. As cybersecurity threats increase, IT leaders in US should lead by example. As a first step, they should be open with other leaders about attacks. An open dialogue can help recognize the scale of the cybersecurity challenges organizations face. Only by understanding the challenges, it is possible to devote resources to education and truly embed a cybersecurity mindset into an organization’s culture.
Businesses are getting hit with more and more threats. Leaders can’t wait for things to get better. The speed of cyberattacks is not going to decrease, even if the budget for defenses decreases. It’s always cheaper to prevent something from happening than it is to fix it later. Businesses need to put in place defenses against cyberattacks. However, for businesses in the U.S. to be truly secure, a culture change is essential. Businesses and IT leaders not only voice commitments to cybersecurity, but also act on them and make cybersecurity a part of organizational culture.
Every business needs to have good cybersecurity, but it starts with the leaders’ understanding and being responsible for it. IT leaders also need to educate their employees and make sure progress is being made.
Leaders can get the complete report here.