Budget cuts, delays around cyber resilience projects, and redundancies have increased the remote working culture globally amid the pandemic.
The widespread remote working model has apparently increased the risks of cyber-attacks on organizations in the last 12 months and beyond – claims a new research study by NCC Group.
According to statistics, about 40% of the survey respondents froze recruitment in cybersecurity, and another 29% made redundancies. In fact, one in five companies furloughed staff accountable for cyber resilience programs in 2020.
Given the current scenario, nearly 30% of decision-makers experienced delays or cancellations in their cyber resilience projects, and around 27% noted cuts into the cyber resilience budgets. However, such measures could have negatively affected security postures.
More than 70% of enterprises with budget cuts made redundancies, canceled, or delayed their cyber projects have reported an increase in cyber-attacks. In this essence, about 50% of the IT decision-makers reported a surge in remote working – with 66% of those who adopted the same, observing an increase in ransomware and phishing attacks.
Besides, this operational shift exposed some more concerns around the impact of people over cyber resilience – of the 39% that indicated a rise in insider threats, about 51% believed that an increase in the remote working model was the primary cause.
While it is encouraging to perceive businesses’ recognition to make up for the overall loss by investing in cyber, this investment must be used in the right aspects. Indeed, over 33% of decision-makers revealed they would increase their total spending on cybersecurity in 2021.
It is no secret that this digital era marks security improvements as the highest priority for investment across industries. The study also found that the respondents recognized the role that users hold in upholding cyber resilience and overall business IT security.
Nearly 66% of the business leaders admitted that the internal skills shortage was their core challenge for the next 6-12 months. To address this concern, about 66% of the organizations plan to increase their outsourced cyber resilience work this year. Although most organizations plan to increase cyber budgets, the encounters around investment decisions still remain.
Over 90% of firms struggle to assess or quantify the cost versus the benefit of cybersecurity measures. Of those who claim cyber-security is not the highest priority, around 23% noted they do not have the buy-in of senior management. In comparison, 19% claim investment is focused on other areas of the business.
In this context, Ian Thomas, Managing Director at NCC Group, concludes – “The operational challenges that organizations faced in the last 12 months have resulted in a compliance debt that must now be paid off. By addressing internal skills shortages and validating cyber investment against recognized benchmarks, organizations can build a secure platform for growth and maintain cyber resilience in this difficult period.”