Organisations are demonstrating an unprecedented focus on security as part of normal business operations in the light of digital transformation, a global study reveals.
This is evidenced by the fact that one in five chief information security officers (CISOs) are now reporting directly to the CEO, 15% of organisations have a security budget of more than 10% of their overall IT budget, and 65% of organisations are tracking and reporting regulatory compliance, according to the State of cybersecurity report 2019 by IT services firm Wipro.
The study also reveals that 25% of organisations are carrying out security assessments in every build and 39% of organisations now have a dedicated cyber insurance policy.
All of these points showed dramatic increases from previous years, according to the report, which is based on three months of research, including surveys of security leaders, operational analysts and 211 global organisations across 27 countries.
The report notes that cyber attacks are becoming more targeted and sector-specific, while attackers are operating in stealth mode, making attribution of attacks more difficult. At the same time, digital transformation has taken centre stage and new technologies are increasing the cyber attack surface.
In the face of these constantly evolving cyber attack techniques – often using tried and tested tools in new ways – the study shows that organisations are aligning themselves to cyber-resilient strategies in new ways too, by focusing on security in cloud computing and the use of internet of things (IoT) devices, as well as tapping into community cyber threat intelligence and bolstering resilience through cyber insurance and taking part in cyber attack drills.
With cloud and IoT adoption on the rise, the study shows 28% of organisations perceive cloud account hijacking as one of the top security threats to their cloud environments. As a result, 26% of organisations are prioritising security assessment of IoT devices to mitigate new risks.
More than two-thirds (67%) of organisations are also now willing to share indicators of compromise, such as malicious IP addresses, URLs and domains, while a third (33%) of organisations are willing to share attacker tactics, techniques and procedures with industry peers.
Information sharing and timely threat intelligence, the report shows, have become critical enablers in anticipating and mitigating new and developing attacks.
The study also reveals that 39% of organisations now have a dedicated cyber insurance policy, up by 12% in 2017, while 28% of organisations participate in cyber attack simulation exercises coordinated by industry regulators, and one in four organisations now carry out security assessments in every build cycle.
“With organisations riding the digital wave, security strategies need to be enhanced to address the changing landscape and enable a smooth and safe transition,” said Raja Ukil, global head for cyber security and risk services at Wipro.
“Security is also evolving to be a pervasive part of core business operations, and countries are establishing active cyber defence strategies and functions to foster partnerships with the private sector enterprises and with other countries. Amidst growing threats, leaders are collaborating more than ever before in new and innovative ways to mitigate the risks,” he said.
The report concludes that data and content security continues to be the most significant innovation and growth driver, while there is a stable pace of innovation and implementation in cloud security.
“Even niche upcoming areas such as API [application programming interface] and IoT security are expected to become mainstream in the next two- to five-year timeframe,” the report said.