C-level executives rank cybersecurity as the no. 1 challenge they face for the third consecutive year, as more than 85% of companies report experiencing a breach in the past three years, according to a recent report from global management consulting firm A.T. Kearny. However, only 39% of the 400 executives and board members surveyed said their company has fully developed and implemented a cyber defense strategy, the report found, putting them at increased risk for future attacks.
A similar share—37%—said their company has yet to create a cyber defense strategy at all, let alone implement it, the report found. The remaining 24% of executives said their company has developed a strategy, but has yet to fully implement it.
"Given the high stakes—and that executives have long identified cybersecurity as a top challenge for their business—this is a glaring vulnerability," the report stated.
SEE: Network security policy template (Tech Pro Research)
When it comes to attacks, about one-third of executives said their company experienced a cyberattack that compromised customer privacy, while another third said an attack compromised business operations, the report found. About 28% said the company's intellectual property and employee privacy were affected in an attack. Reputational damage was the most frequently cited material effect of these cyberattacks, the report found, followed by increased personnel and expert consultant costs.
Companies that do have a cyber defense plan implemented see several benefits, according to the report. After a breach, 47% of companies with a fully-implemented plan were able to identify the cause of the breach and resolve it within one month, compared to just 26% of those without a complete strategy. Some 18% of executives with fully-implemented cyber defense strategies reported experiencing no cyber breaches over the past three years, while only 6% of those with partially-developed or no plans said the same.
C-Suite executives are split on the top strategies to mitigate cyber threats, the report found. The most popular steps companies have taken to prevent attacks include employee training programs (32%), comprehensive information security strategies (31%), recruitment of high-skilled IT employees (31%), cybersecurity behavior analytics (31%), terms and conditions in contracts (30%), and proactive monitoring and auditing capabilities (29%).
Lower down, the list also includes strategies such as advanced multi-factor authentication tech (29%), cyber insurance (29%), and robust cyber incident response and recovery plan (28%).
"Companies with a fully implemented cyber strategy are better staffed and prepared for cyberattacks," the report found. "Given the consistent and growing concern among executives about rising cybersecurity threats—and the implications for their operations and reputation—it is striking that such a gap in strategic preparations remains."
To learn more about how to create a cyber defense strategy, click here.
The big takeaways for tech leaders:
- More than 85% of companies experienced a cyber breach in the past three years. — A.T. Kearny, 2018
- Only 39% of companies have a fully-developed and implemented cybersecurity defense strategy. — A.T. Kearny, 2018
- How to build a successful career in cybersecurity (free PDF) (TechRepublic)
- Cybersecurity report card: Why too many companies are graded 'could do better' (ZDNet)
- Cheat sheet: How to become a cybersecurity pro (TechRepublic)
- Alphabet hatches cybersecurity company Chronicle using Google technology (ZDNet)
- 5 steps leaders can take to improve cybersecurity in their organization (TechRepublic)
Alison DeNisco Rayome has nothing to disclose. She does not hold investments in the technology companies she covers.
Alison DeNisco Rayome is a Staff Writer for TechRepublic. She covers CXO, cybersecurity, and the convergence of tech and the workplace.