Six out of ten companies struggle with cyber risk management

One in ten companies has no strategy for responding to specific cyber security incidents. This is one of the key findings from the CIO report "Leading your business through cyber risk" published by Barracuda Networks Inc, a provider of cloud-first security solutions.

The report also shows how companies can deal with and respond to cyber risks appropriately. (Image: www.barracuda.com)

The report is based on data from Barracuda's international Cybernomics 101 study and analyzes how challenges in the areas of security policies, management, third-party access and supply chains can affect a company's capabilities. The report also shows how companies can appropriately manage and respond to cyber risks.

The report includes an organizational cyber resilience audit checklist, created by Barracuda experts and based on the NIST Cybersecurity Framework 2.0 from the US National Institute of Standards and Technology, to help organizations improve their cyber resilience.

The results of the report show, among other things, that many companies still find it difficult to implement company-wide security guidelines such as authentication measures and access controls: Almost half (49 percent) of respondents in small and medium-sized enterprises (SMEs) cited this as one of the top two challenges facing senior management. In addition, more than a third (35 percent) of respondents in SMEs are concerned that their management does not recognize cyberattacks as a potentially serious risk. In larger companies, on the other hand, the challenges tend to be a lack of budget (38 percent) and finding qualified specialists (35 percent) in the area of cyber security.

Many companies are also concerned about a lack of security in, and control over, their supply chains, as well as a lack of transparency when working with third parties who have access to sensitive or confidential data. Around one in ten companies also does not have a contingency plan that it can fall back on in the event of a successful cyberattack.

"For many companies, a security incident is now inevitable sooner or later," says Siroui Mushegian, CIO of Barracuda Networks. "Being prepared is essential when it comes to surviving and responding appropriately to such incidents - that's cyber resilience. Modern, comprehensive security solutions do a lot of the work in this regard, but successful cyber resilience also depends on governance within the company, i.e. the policies and measures at management level and many other internal factors that enable a company to manage cyber risks sensibly. The National Institute of Standards and Technology has also defined security governance as a strategic priority as part of its updated cybersecurity benchmark framework published in early 2024."

The report provides companies with practical templates for cyber risk management processes.

Source: www.barracuda.com
