sb-au logo
Story image

Organisations must pay off their post-pandemic cyber debt

Organisations must pay off their post-pandemic cyber debt, says NCC Group.

Budget cuts, redundancies, delays to cyber resilience projects and increased remote working in the last 12 months could all have increased organisations' risk of a cyber attack in 2021, according to new research into cyber security decision makers from NCC.

The results show that 40% of respondents froze recruitment in cyber, 29% made redundancies and one in five furloughed staff responsible for cyber resilience programs in 2020. Three in ten experienced delays or cancellations to their cyber resilience projects and 27% reported cuts to their cyber resilience budgets. 

However, the data suggests that these measures could have negatively affected security postures: over 70% of organisations that cut budgets, made redundancies or delayed or cancelled their cyber projects reported an increase in cyber attacks.

Meanwhile, half of the decision makers reported an increase in remote working, with 66% of those that did so witnessing an increase in phishing and ransomware attacks. This operational shift also exposed concerns around the impact of people on cyber resilience: of the 39% that reported an increase in insider threats, 51% believed that an increase in remote working was the cause.

Encouragingly, two thirds of decision makers claimed that they would increase the total amount spent on cyber security this year, with making security improvements the highest priority area for investment.

Respondents also recognised the role that people play in maintaining cyber resilience, with 66% admitting that an internal skills shortage was their main challenge for the next 6-12 months. To address this shortage, two thirds of organisations plan to increase their amount of outsourced cyber resilience work in 2021.

Although the majority plan to increase cyber budgets, challenges around investment decisions remain: over 90% of respondents struggle to accurately assess or quantify the cost vs benefit of cyber security measures. Of those that claim cyber security is not a high priority, 23% said they dont have the buy-in of senior management and 19% claim investment is focused in other areas. 

"The operational challenges that organisations faced in the last 12 months have resulted in a compliance debt that must now be paid off," says Ian Thomas, managing director at NCC Group.

"While it is encouraging to see that organisations recognise that they must make up lost ground by investing in cyber, it is crucial that this investment is used in the right areas," he says. 

"By addressing internal skills shortages and validating cyber investment against recognised benchmarks, organisations can build a secure platform for growth and maintain cyber resilience in this difficult period."

Story image
Addressing the challenges of least privilege access
Enforcing the right privilege policies across the environment with the right visibility and observability will ensure that the policy mandates hold tight against any behaviour changes.More
Link image
Virtual demo: Diagnose network cabling problems with the LinkIQ Cable+Network Tester
If you’re finding it difficult to install access points and cabling, or if you can’t pinpoint an issue with a video camera or end user, the LinkIQ Cable+Network Tester could be exactly what you need. Try a free, fully interactive demo now.More
Story image
5G network security a US$9 billion dollar opportunity - report
The cloud-native nature of 5G networks will have a disruptive and positive impact on the cybersecurity industry in the next few years, with 5G network security presenting a US$9 billion enterprise market opportunity by 2025.More
Story image
APAC financial firms bite down as crime compliance costs rise
The total projected cost of financial crime compliance within Asia Pacific firms reached US$12.06 billion, according to a new report.More
Story image
Zscaler and CrowdStrike release integrations for end-to-end security
This collaboration between the two cloud-native security companies provides joint customers with adaptive, risk-based access control to private applications.More
Story image
IT leaders prioritising automation, Zero Trust and API-based security investments
"The study shows that a cocktail of multiplying threats, the proliferation of hybrid and cloud architectures, blended with a pandemic-fuelled explosion in distributed and remote work has created a perfect storm for network security teams."More