More than one-third of global organizations still lack confidence in detecting sophisticated cyberattacks: EY survey

More than one-third (36%) of global organizations still lack confidence in their ability to detect sophisticated cyberattacks, according to Ernst & Young’s (EY) annual Global Information Security Survey 2015, released last week.

The survey, titled Creating trust in the digital world, included participants from 1,755 organizations in 67 countries. Chief information officers, chief information security officers, chief financial officers, chief executive officers and other IT executives from across all major industries were surveyed.

The study examined “some of the most important cybersecurity issues facing businesses today” and found that 88% do not believe their information security structure fully meets their organization’s needs, EY said in a press release. When it comes to IT security budgets, 69% say that their budgets should be increased by up to 50% to align their organization’s need for protection with its managements’ tolerance for risk.

According to the survey, criminal syndicates (59%), hacktivists (54%) and state-sponsored groups (35%) retained their top rankings as the most likely sources of cyberattacks. However, compared with last year’s survey, respondents rated these sources as more likely: up from 53%, 46%, and 27%, respectively, in 2014.

“Organizations are embracing the digital world with enthusiasm, but there must be a corresponding uptick in addressing the increasingly sophisticated cyber threats,” said Ken Allan, EY’s global cybersecurity leader, in the release. “Businesses should not overlook or underestimate the potential risks of cyber breaches. Instead, they should develop a laser-like focus on cybersecurity and make the required investments.”

The survey also found that companies currently feel less vulnerable to attacks arising from unaware employees (44%) and outdated systems (34%); down from 57% and 52%, respectively, in the 2014 study. However, they feel more threatened today by phishing and malware. Forty-four percent of respondents (compared with 39% in 2014) ranked phishing as their top threat; 43% consider malware as their biggest threat versus 34% in 2014. [click image below to enlarge]

Organizations are falling short in thwarting a cyberattack, EY reported, with the survey finding that:

• 54% say they lack a dedicated function that focuses on emerging technology and its impact;

• 47% do not have a security operations centre; and

• 36% do not have a threat intelligence program, while 18% do not have an identity and access management program.

“Cybersecurity is inherently a defensive capability, but organizations should not wait to become victims,” advised Paul van Kessel, EY global risk leader, in the release. “Instead, they should take an ‘active defense’ stance, with advanced security operations centers that identify potential attackers and analyze, assess and neutralize threats before damage can occur. It is imperative that organizations consider cybersecurity as an enabler to build and keep customers’ trust.”