By the Numbers: Cybersecurity Preparedness

Is it 80% cybersecurity preparedness to 20% responsiveness? Or the other way around? Or 60% cybersecurity preparedness and 40% responsiveness? What is the formula to keeping your enterprise safe from hackers and nation-state threat actors?

Whatever the proportion, cybersecurity preparedness is a vital component to preventing digital threats and adequately removing them. To even have a hope of deterring attackers, enterprises need to implement adequate solutions, foster digital hygiene education, and incorporate cybersecurity best practices into their everyday workflows. The need for a comprehensive frontline digital defense is self-evident. Yet enterprises across the globe seem to neglect this critical aspect of their cybersecurity policies.

Your cybersecurity preparedness should begin with your employees. Cybersecurity experts around the globe state almost universally that employees are the weakest link in any security policy. Whether due to ignorance, negligence, or simple human error, they are you largest and most porous attack vector. But even with more attention to the problem:

46% of new employees, according to B2B research firm Clutch, don’t know if their enterprise has a cybersecurity policy.   

28% of all employees don’t know if their enterprise has a cybersecurity policy.

Just 16% of employees see unauthorized information sharing as a potential cybersecurity threat.

Just 13% of employees see email phishing scams as a significant digital threat.

87% of entry-level employees don’t know if the numbers of threats they’ll face this year will change.

56% of employees feel their company is prepared for IT security threats.

Distressing statistics, to be sure. That so many employees would be so ignorant or negligent of digital hygiene best practices speaks to a serious communication issue in enterprises of all sizes. But the problems of cybersecurity preparedness reaches into IT departments as well:

75% of respondents to a survey of 1,000 IT professionals by CyberArk conducted last year felt confident they could stop an attack on their corporate network.

46% of IT professionals responding to a survey conducted this year said that they can’t prevent all attacks from breaking into their enterprise’s internal networks.

23% of those respondents say they fail to monitor remote vendor activity.

58% say that their enterprises are susceptible to specially designed phishing attempts among other threats.

The drop in optimism among IT professionals is perhaps most telling about the situation on the ground; the number of digital threats has become too overwhelming for most IT departments to handle in a solely reactive manner. With the uptick in ransomware, phishing attacks, and digital extortion, cybersecurity preparedness is more important than ever.

And yet with the recently uncovered (or rediscovered, depending on your perspective) disconnect between IT departments and CEOs, implementing cybersecurity preparedness seems far more remote. That’s not even adding in the myriad ways cybersecurity preparedness can be sabotaged by inadvertent actions from above:

50% of IT professionals said their enterprises did not inform customers, or did not relay the full extent, of a personal data breach.

42% of business leaders say they store passwords in a document on a company PC—a practice which has proven to be vulnerable.

31% of security professionals surveyed still do not use a privileged account management security solution.

However, there is a little hope if your cybersecurity preparedness is not quite where it should be, finding talent will not be as negatively affected as it could be.

54% of employees would be fine working with a data breach in the past, according to recent findings by (ISC)².

That number changes to 64% if the company in question publicly disclosed the breach in question.