Businesses Consider Cybersecurity an Afterthought despite Growing Attacks, according to EY Survey

EY Luxembourg has announced the launch of the firm's latest cybersecurity survey; this year’s EY Global Information Security Survey (GISS) showed that almost 60% of organisations have faced an increased number of disruptive attacks in the past year.

The EY GISS, which surveyed almost 1,300 cybersecurity leaders at organisations worldwide, found that activists were responsible for 21% of successful cyber attacks over the past twelve months (second only to organised crime groups at 23%) compared with last year’s study, where just 12% of respondents considered activists as the most likely source of an attack.  

And yet, despite the overall growth in cyberattacks, only one-third (36%) of organisations said that the cybersecurity function (security team) was involved at the planning stage of a new business initiative, according to the EY GISS.

Thomas Koch, EY Luxembourg Cybersecurity Leader, commented: “Cybersecurity has traditionally been a compliance activity, bolted on by a checklist approach instead of built into every technology-enabled business initiative. This is not a sustainable model. If we ever hope to get ahead of the threat, we must focus on creating a culture of security by design. This can only be accomplished if we successfully bridge the divide between the security function and the C-suite and enable the chief information security officer (CISO) to act as a consultant and enabler instead of the stereotypical roadblock”.

According to the survey, while cybersecurity teams generally have good relations with adjacent functions such as IT, audit, risk and legal, there is a disconnect with other parts of the business. Almost three-quarters (74%) said that the relationship between cybersecurity and marketing was, at best, neutral, if not mistrustful or non-existent, while 64% said the same of the research and development team and 59% for the lines of business. More than half (57%) said that their relationship with finance, on which they depend on for budget authorisation, was also strained.  

In this context, Thomas Koch added: “As companies undergo transformation, what’s needed is to build relationships of trust across every function of the organisation, starting at the board level so that cybersecurity is established as a key value enabler. Boards, senior management teams, CISOs and leaders throughout the business must collaborate to position cybersecurity at the heart of business transformation and innovation". 

The latest EY GISS can be downloaded, in English, from https://assets.ey.com/content/dam/ey-sites/ey-com/en_gl/topics/advisory/ey-global-information-security-survey-2020.pdf.