Amid the pandemic-induced remote working norms, delays around cyber resilience projects, budget cuts, and redundancies have increased a lot globally.
The remote working model has apparently increased the risks of organizations’ cyber-attacks in the last 12 months and beyond – reveals a recent NCC Group research.
According to the study data, almost 40% of the survey respondents froze recruitment around cybersecurity roles, and another 29% made redundancies. Basically, one in five organizations has furloughed staff accountable for cyber resilience programs amid the pandemic.
In this unprecedented era, nearly 30% of business decision-makers experienced delays or cancellations in their cyber resilience projects, and roughly 27% of firms had cut into the cyber resilience budgets. However, such measures could have negatively impacted the security postures.
More than 70% of companies with budget cuts, cancelled, made redundancies, or delayed their cybersecurity plans have reported increased cyber-attacks. In this context, about 50% of the IT decision-makers reported a sudden rise in remote working, and about 66% of those who adopted the same see a spike in ransomware as well as phishing attacks.
Besides, this operational shift exposed many other security concerns around the impact of people over cyber resilience. Of the 39% of respondents that indicated a rise in insider threats, almost 51% believed that an increase in the remote working culture is the primary cause.
While it is helping to perceive that businesses recognize the need to make up for the general loss by investing in cyber security tools, this expense needs to be justified. Indeed, more than one-third of the technology decision-makers revealed they would increase their total spending on cybersecurity from now on.
It is no secret that this modern era marks security augmentation as the highest priority for investment, spanning all industries. The study also found that the respondents acknowledged the role that users hold in upholding cyber resilience along with overall business IT security.
Approximately 66% of the business leaders admitted that the internal skills shortage was their core challenge for the following 6-12 months. Thus, about 66% of the organizations are planning to increase their outsourced cyber resilience work this year to address this concern. Although several organizations plan to increase cyber budgets, the debates around these investment decisions remain.
Over 90% of businesses today struggle to assess or quantify the cost versus the benefit of enterprise security measures. Of those who claim cybersecurity is not the top priority, about 23% indicated that they do not have senior management buy-in. In comparison, only 19% of companies claim investment is focused on other areas of their business.
Given the current market scenario, Ian Thomas, Managing Director at NCC Group, explains, “The operational challenges that organizations faced in the last 12 months have resulted in a compliance debt that must now be paid off. By addressing internal skills shortages and validating cyber investment against recognized benchmarks, organizations can build a secure platform for growth and maintain cyber resilience in this difficult period.”