Read Time: 3 Minutes
Cyberattacks are becoming more and more frequent, and continue to be a source of headaches for businesses. Criminals and corporate saboteurs are developing more sophisticated infrastructure and better tools to use against companies. And nations and governments are beginning to turn their cyberattack capabilities toward businesses for intelligence-gathering purposes. Considerations such as these highlight the significance of cyberattacks as a legitimate risk facing companies.
The significance of these threats is easy to measure. The sheer number of cyberattacks increased by 48% from 2013 to 2014, and the AV-Test Institute currently registers over 390,000 new pieces of malware every day.
But it’s more difficult to appreciate the havoc these threats can inflict on unprepared businesses. The costs are at an all-time high, and a study from the Ponemon institute found that 65% of respondents are experiencing more advanced persistent threats/targeted attacks than ever before.
Protecting company data is becoming an increasingly essential and significant cyber security issue for organizations. For example, Forrester predicts that in 2015, privacy will become a competitive differentiator. In a 2014 study from TRUSTe, 60% of UK consumers said that they are more concerned about online privacy than the year before.
F-Secure conducted an online study in 2015 with in France, Germany, the UK, Poland, and the Nordics. The over 1700 respondents were all IT decision makers in various roles and in different sized companies. The key takeaway of the report focuses on how companies are adjusting to a threat landscape populated by increasingly sophisticated threats.
Current security priorities
For most companies, getting the basics right is still the first priority. Ensuring smooth IT operations and performance without disruptions, as well as antivirus protection and protecting against other malware, are still the top two priorities. But, to achieve this in today’s world, companies need to focus on different aspects of IT security.
In our research, IT decision makers also clearly confirm that protecting the confidentiality of their company data (personnel data, customer data, intellectual property, and financial data) is a security priority for their company.
- Ensuring smooth IT operations and performance without disruptions
- Antivirus protection and protecting against other malware
- Protecting against inbound cyberattacks aimed at stealing financial information
- Protecting against inbound cyberattacks aimed at stealing intellectual property
- Protecting against inbound cyberattacks aimed at sabotaging the company
- Protecting against inbound cyberattacks aimed at stealing employee or customer data
Most respondents agree that cyber threats are something that every company needs to be wary of. However, this knowledge does not translate very widely into concrete actions – the more advanced protection methods and tools are still not widely used, even amongst bigger companies.
Challenge with implementation
The study found that while many companies appreciate the security challenges facing them, many of them are unaware of how to meet these challenges using their current approach to security. Furthermore, the study finds that companies are mainly concerned with data protection rather than a more holistic approach to cyber security. While this is unsurprising given the current discussions on the new data protection regulations being ushered in within Europe, it does indicate that the emphasis on data protection has yet to translate into businesses adopting comprehensive cyber security solutions designed to prevent data breaches.
Awareness of security and cyber security is strong in European companies. In most cases, awareness is also reflected in attitudes, and even the language used. However, awareness and attitudes is not always apparent in the behavior of the respondents.