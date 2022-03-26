COMMENT-Forcepoint; DCMS Cyber Breaches Survey

March 2022 by Alexandra Willsher, Senior Sales Engineer, Forcepoint

“This year’s survey has highlighted just how much senior leadership within organisations have limited understanding of cyber risk and are often turning to cybersecurity vendors or insurance companies to handle it. While there’s nothing wrong with turning to expert advice, cybersecurity is a challenge that can’t simply be outsourced. Tackling cyber threats adequately requires the efforts of everyone right across an organisation to play their part.

“Adapting to cyber risk is now both a cost and a driver of doing business today. Beyond generating revenue through ransom payments, cybercriminals and nation-states are stealing more than just data, but also highly sensitive IP and other competitive information. The DCMS survey highlights how enhanced awareness of cyber threats and detection ability clearly enables greater identification of attacks – but also the fact that those organisations who are less cyber mature, likely aren’t even knowing they’re being compromised or tested. With over a quarter of respondents saying they estimate they’re being attacked at least once a week, the amount of attempts that are slipping through undetected are significant.

“This shows a deliberate focus by cyber criminals on targets that are perceived to be less well equipped at defending themselves. As an example, banks are well aware of what they have to lose, and are therefore expected to have greater resources when it comes to defence. Those that are least well-equipped to defend themselves are also probably least aware of their obligations when it comes to reporting. The NCSC Cyber Essential scheme is an excellent resource for the smaller enterprise.

“Modern business is highly data driven, and unfortunately cybercriminals are keenly aware of this. To respond, leaders must align their planning around detecting and responding to cyber threats with the wider risk management they’re doing in running their organisations, in order to keep their exposure risk low.”