New SolarWinds MSP Security Survey Highlights Overconfidence, Lack of Preparedness by IT Execs to Combat Ransomware and Other Cyber Attacks
Tue, 05/16/2017 - 14:00
Survey reveals that large numbers of U.K. and U.S. businesses overestimate their readiness to combat cybersecurity breaches, despite most reporting breaches in last 12 months
- SolarWinds MSP survey reveals 87 percent of IT executives consider their cybersecurity readiness robust, despite 71 percent reporting at least one breach in the past 12 months.
- For businesses that were breached, 77 percent of them have identified that they have suffered a tangible loss.
- The typical cost to an SMB of a single data breach is $76k/59k GBP and $939k/724k GBP for enterprises.
- Only 16 percent of surveyed businesses consider user training a priority.
- Insider acts were reported as a major cause of data breaches by 32 percent of surveyed businesses.
Durham, NC; Dundee, Scotland; 16 May 2017 – SolarWinds MSP, a global leader in delivering comprehensive, scalable IT service management solutions to IT solution providers and MSPs, today published survey findings outlining the preparedness of UK and U.S. businesses in dealing with cybersecurity breaches. The report reveals that businesses are gravely optimistic about their ability to deter and cope with malicious attacks, despite the majority experiencing a breach over the last year and nearly one-fourth experiencing more than 10.
The potent combination of this lack of preparedness, the frequency of breaches, and the potential commercial impact of each one [$76k/59k GBP for small to medium sized businesses (SMBs) and $939k/724k GBP for enterprises]1, heightens the risk of an “extinction event” i.e., a massive business failure correlating to the breach.
Commenting on the survey, John Pagliuca, SolarWinds MSP general manager, said, “Our findings underscore the problems that contributed to the ‘WannaCry’ ransomware’s ability to cause so much damage around the globe. These results beg the question, ‘How can IT leaders feel so prepared yet still be exposed?’ One of the main reasons is that people are confusing IT security with cybersecurity. The former is what companies are talking about when they think about readiness. However, what they often don’t realize is that cybersecurity protection requires a multi-pronged, layered approach to security that involves prevention, protection, detection, remediation, and the ability to restore data and systems quickly and efficiently. The overconfidence and failure to deploy adequate cybersecurity technologies and techniques at each layer of a company’s cybersecurity strategy could be fatal.”
The research, looking into 400 SMBs and enterprises in the UK and U.S. and conducted by Sapio Research, reveals that 87 percent of IT executives questioned are confident in their security technology and processes’ resilience, and that 59 percent believe they are less vulnerable than they were 12 months ago. Given another 61 percent of businesses are anticipating a substantial boost to their cybersecurity budgets, they are confident this position will improve.
However, 71 percent of the same respondents said they have experienced a breach in the last 12 months.
These breaches are significant and shouldn’t be discounted. Of the businesses that have been breached and could identify an immediately traceable impact, 77 percent revealed that they had suffered a tangible loss, such as monetary impact, operational downtime, legal actions, or the loss of a customer or partner.
SolarWinds MSP also investigated why this overconfidence is occurring and identified seven basic faults:
- Inconsistency in enforcing security policies
- Negligence in the approach to user security awareness training
- Shortsightedness in the application of cybersecurity technologies
- Complacency around vulnerability reporting
- Inflexibility in adapting processes and approach after a breach
- Stagnation in the application of key prevention techniques
- Lethargy around detection and response
Link to the survey here for more information.
The full report from SolarWinds MSP, entitled “2017 Survey Results: Cybersecurity: Can Overconfidence Lead to an Extinction Event? A SolarWinds MSP Report on Cybersecurity Readiness for U.K. and U.S. Businesses” is available here for download.
SolarWinds MSP empowers MSPs of every size and scale worldwide to create highly efficient and profitable businesses that drive a measurable competitive advantage. Integrated solutions including automation, security, and network and service management—both on-premises and in the cloud, backed by actionable data insights, help MSPs get the job done easier and faster. SolarWinds MSP helps MSPs focus on what matters most—meeting their SLAs and creating a profitable business. For more information, visit www.solarwindsmsp.com.
Methodology and Sample
In early 2017, SolarWinds MSP investigated the cybersecurity preparedness, experiences and failings of 400 SMBs and enterprises, split equally across the U.S. and the U.K. SMBs were categorized as having fewer than 250 employees.
1The cost per stolen record data was taken from IBM/Ponemon’s “2016 Cost of Data Breach Study: Global Analysis”
© 2017 SolarWinds MSP UK Ltd. All rights reserved.