Companies not doing enough to protect themselves from cyberthreats


Despite widespread awareness of cybersecurity threats, companies still aren’t taking sufficient preventive action, a report says.

Some 53% of executives admitted that their cybersecurity and data privacy budgets are insufficient to respond to a breach, according to research by law firm Fox Rothschild. And nearly a third don’t train all their employees on data breach prevention, a basic component of cybersecurity.

“There is a false sense that they’ve done enough,” Mark McCreary, Fox Rothschild's chief privacy officer, told FierceCEO. “People are going to get more serious because there are going to be more and more hacks.”

“It’s on their radar, but their actions don’t rise to the level of diligence that’s needed,” Elizabeth Litten, privacy and data security practice co-chair at Fox Rothschild, told FierceCEO. “Their customers are going to start demanding these safety nets.”

In other findings:

  • Some respondents indicated that because they don’t retain customer data, they believe their breach risk is significantly lower. Many said they felt safer because they aren’t the kind of consumer brands whose breaches have made headlines, while others saw themselves as too small to target.
  • Most companies are not spending enough of their IT budget on cybersecurity and data privacy programs. Two-thirds of companies reported spending 10% or less of their IT budgets on cyber programs. About half of the respondents (47%) believe that their budget is sufficient to adequately manage a breach response.
  • Statistics show that rank-and-file employees inadvertently cause most data breaches and security weaknesses and thus are most in need of regular training and periodic testing to ensure the training is effective.
  • Business interruption is the most significant impact of a breach noted by respondents. However, many seemed to underappreciate the risk and potential threats posed by state-sponsored attacks from a foreign entity.
  • More than half of respondents collect and store at least five types of customer data, including account information (87%), Social Security numbers (58%) and payment card data (58%). Fewer than half retain driver’s license numbers and healthcare information.
  • At 71%, external hacks are the chief source of concern among respondents. This closely tracks the 75% who indicated they have been targeted by a phishing attack in the last five years.

Fox Rothschild is hardly alone in sounding a warning about the state of cybersecurity. PwC recently issued a report that examined why businesses are vulnerable to cyber disruptions, the need for business leaders to revitalize data privacy and trust and the long-term future of cybersecurity.

And the Journal of Computer and System Sciences released a report that included an overview of existing security vulnerabilities, new cyberattack patterns and future research trends in cybersecurity.