We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 - 28. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today!
Even as cybersecurity threats rise, a few American organizations still continue to operate without a defense plan or strategy, Deloitte reported Tuesday.
In its 2021 Future of Cyber survey, the accounting and consulting firm revealed that 98% of U.S. executives said their organizations had experienced at least one cybersecurity incident over the past year — compared to 84% in non-U.S. regions. However, despite the higher rate of incidents, nearly 14% of these executives reported that their firms do not have a cyber threat defense plan. Outside the U.S., just 6% of executives had this response.
The findings, combined with the fact that 86% of U.S. executives attributed increasing threat activity to COVID-19, highlight the looming threat of cyberattacks against U.S.-based organizations and the current room for improvement. The names of the American participants remain undisclosed, although Deloitte notes that they all were from major companies with annual revenues ranging from $500 million to over $30 billion.
Deloitte interviewed 577 C-suite executives from around the world, including 159 from the U.S., to understand and compare the cybersecurity preparedness of U.S. and non-U.S. companies. According to the U.S. executives whose organizations were impacted, cybersecurity incidents over the last year came at the cost of problems such as operational disruption, share price drop, leadership change, intellectual property theft, and loss of customer trust.
Strong organization-wide cybersecurity management programs could have prevented these outcomes, but an increase in data management, perimeter and complexities, inability to match rapid technology changes, and poor prioritization of cyber risk, all act as obstacles to these efforts, the survey detailed.
Human-driven vulnerabilities have also come to the forefront in light of the rapid digital transformation and increasing transition to remote work.
As many as 28% of the U.S. executives said they are more concerned about cyber threats from unintended errors of employees/vendors than they are about phishing, malware, or ransomware attacks.
While 15% of the respondents said they had no way to detect or mitigate employee-related cyber risk, 44% said they rely on leadership to monitor employee behavior and assess risks and 41% said they use AI- or ML-driven tools.
Deborah Golden, a principal for U.S. cyber and strategic risk at Deloitte said, “Emerging technologies — like advanced analytics, artificial intelligence, and machine learning — can help identify and mitigate vulnerabilities that employees, vendors, or others can unintentionally create in organizational systems. Further, proactive, tech-enabled cyber programs and adoption of Zero Trust frameworks can offer considerable support to risk management reaching far beyond security itself, nurturing trust between organizations, their employees, clients, and other stakeholders.”
According to the survey, zero trust adoption continues to be a top priority for U.S. executives but not for those in the rest of the world.
Cybersecurity talent gap
In addition to the risk of human error, organizations also face the challenge of recruiting the right talent to improve their security posture. Thirty-one percent of U.S. executives said their organizations are often unable to recruit/retain top cyber talent — twice of what non-U.S. executives reported.
“The cyber talent gap is a long-standing industry challenge. And, as the threat landscape and adversarial set diversify, it’s driving the need for cybersecurity professionals to take more silo-breaking approaches to problem-solving that use a complement of both traditional, technical capabilities as well as less traditional, skill sets in areas like talent management, marketing data retention, and supply chain operations,” Golden added.
She emphasized that investing in constant learning and upskilling of talent and hiring a mix of traditional and non-traditional cyber professionals can solve the problem.
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn more about membership.