Almost All US Organizations Experienced a Cyber Event in the Past Year
The study, which surveyed 577 C-suite executives worldwide on their organization’s cybersecurity programs, also found that a huge proportion (86%) of US companies faced increased cyber-threats due to COVID-19. Interestingly, a significantly lower proportion (63%) of non-US executives reported experiencing an increased rate of attacks during the pandemic.
US executives also revealed a wide range of business impacts arising from cyber incidents or breaches in the past year. These included operational disruption (28%), share price drop (24%), leadership change (23%), intellectual property theft (22%) and loss of consumer trust (22%).
Despite this, 14% of US executives admitted their organization has no cyber-threat defense plans, which compares to just 6% of non-US executives.
According to the survey, the three biggest barriers to US organizations’ cybersecurity management programs were increases in data management, perimeter and complexities (38%), inability to match rapid technological changes (35%) and a need for better prioritization of cyber-risk across the enterprise (31%).
Another major security challenge for US companies is recruitment, with 31% of US executives stating they cannot attract or retain cyber talent. This compares to just 16% of non-US companies.
Surprisingly, the respondents considered the unintended actions of well-meaning employees (28%) to be the biggest cyber threat to US organizations. This was ranked above phishing, malware or ransomware (27%). Yet, despite this, 15% of US executives admitted their organization has no way to detect or mitigate employee cyber risk indicators.
The report also revealed that cybersecurity is a bigger boardroom issue at US firms compared to their non-US counterparts. For example, nearly all (96%) of US executives said cybersecurity is on the board’s agenda more than once a year, which compares to 88% for non-US executives.
Commenting on the findings, Deborah Golden, US Cyber & Strategic Risk leader for Deloitte Risk & Financial Advisory, said: “No CISO or CSO ever wants to tell organizational stakeholders that efforts to manage cyber risk aren’t keeping up with the speed of digital transformations made, or bad actors’ improving tactics.
“Aggressive organizational digital transformations and continued remote work for some seem to be shining more of a spotlight on the human side of cyber events – both the cyber talent gap and the potential risk well-meaning employees can pose. We see leading organizations turning to advanced technologies to help bridge those gaps.”