Cyber security report card: Why too many companies are graded ‘could do better’

The vast majority of organisations don’t have a cyber security strategy, which leaves them unable to protect against attacks due to a lack of budget and skills.

Despite a year of high-profile cyber security incidents, including the WannaCry ransomware outbreak, many organisations still lag behind when it comes to cyber security.

“As an end of term report, it might have the words ‘can do better’ scrawled on it in red ink,” said Gareth Wharton, cyber CEO at Hiscox.

Part of the problem lies with a shortage of cyber security professionals, with organisations left trying their best to ensure their networks are safe, but often without the staff required to do so.

“For those trying to protect against attack, the shortage of cyber skills will continue to be chronic,” he added.

The report claims that a common problem across organisations is that many still view cyber security as a technology problem.

While the data from Hiscox suggests that those who spend more on cyber security are in a better position to fend off attacks – organisations which spend twice as much as the $9.9m average IT budget were found to devote a higher percentage of the funds to security and were more resistant to attacks – there’s still an issue around ensuring that people and processes are up to scratch.

Organisations are “failing to support their investment in security technology with a formal strategy, sufficient resourcing and training, and sound processes”, says the report.

Ultimately, it means that even if an organisation throws money at purchasing the latest in cyber security technology, it isn’t going to make much of a difference if nobody is teaching staff the basics of how to operate securely, such as not giving away passwords or downloading any attachment that comes with unexpected emails.

The report was based on the responses of decision makers in 4,100 organisations across the UK, USA, Germany, the Netherlands and Spain.