My company, Radware, recently polled 205 C-level IT executives of companies with at least $50 million in revenue to find out how they’re reacting to recent high-profile security breaches.
We surveyed executives from the U.S. and U.K. to take their temperature on everything from ransom attacks to hiring hackers to test their systems.
These are some of the highlights of what we uncovered:
1. Executives talk tough on ransomware, but many victims pay up.
Ransom attacks on a variety of targets have grown in frequency, and our prior research has shown that the share of businesses experiencing attacks jumped from 16 percent in 2014 to 25 percent in 2015. Executives at companies that haven’t been targeted talk tough when asked about how they’d deal with ransoms – 84 percent say they wouldn’t pay. Those that have actually been attacked tell a different story: Some 43 percent of U.S. companies paid the ransom, while 64 percent in the U.K. did the same.
2. Cybersecurity ranks high on executives’ agenda.
The vast majority – 82 percent – of respondents confirmed that the highest levels of company leadership are fully abreast of security risks and mitigation strategies. This result was consistent across industries, showing a wider awareness beyond verticals like finance and retail that have been more sensitive to threats in the past.
Yet the motivation for the attention differs by geography. In the U.K., 20 percent of executives fear lost contracts as a result of cybersecurity breaches, double the rate of their U.S. counterparts. U.S. executives were much more worried about brand reputation damage (38 percent) and productivity loss (27 percent).
3. Budgets show gaps in awareness.
Two-thirds of respondents reported increases in cybersecurity spending since last year, with budgets jumping anywhere from 10 percent to 59 percent. Yet more than half of respondents acknowledged they didn’t know exactly how much money and time their company was spending on security. If the spending increases remain an ongoing trend, awareness will also increase.
4. New approaches and strategies for defense are emerging.
The survey revealed that 29 percent of the executives we polled are concerned about risks posed by the Internet of Things, and many are taking action to involve trading partners in security initiatives – 82 percent now require a security check for suppliers, and 77 percent include suppliers and partners in their security process. Many are open to tapping white- or gray-hat hackers to improve their security operations – 23 percent have already done so, and an additional 36 percent would be willing to. As the threat landscape evolves, watch for executives to shift their strategies to gain any advantage they can.
Ultimately, what the survey reveals is that many top executives are aware of the cybersecurity threats targeting their companies and they’re willing to try new and different strategies to prevent them. However, there’s still more to be done both in terms of awareness and action, and as the ransomware data shows, some executives might not know how they’ll respond until they’re at the mercy of an attacker.
Daniel Smith is an information security researcher for Radware’s Emergency Response Team. He focuses on security research and risk analysis for network- and application-based vulnerabilities. His research focuses on denial-of-service attacks and includes analysis of malware and botnets.