The results of a survey conducted by identity management company Beyond Identity have found an interesting correlation between hyper-growth companies and cybersecurity: The former are far more likely to take the latter seriously.
Beyond Identity defines hyper-growth companies as those with a growth rate above 40% annually, and found that hyper-growth companies were more likely (62%) than standard-growth organizations (48%) to be proactive toward cybersecurity threats, as well as to more frequently discuss the importance of security (76% to 51%).
SEE: Password breach: Why pop culture and passwords don’t mix (free PDF) (TechRepublic)
It isn’t clear which came first, the security or the rapid growth, but the study makes clear that the situation at the fastest growing companies is different. In addition to proactivity and prioritization, hyper-growth companies are more likely to educate their employees on cybersecurity, secure their hardware, create a security-focused work culture and invest in cybersecurity insurance.
The only cybersecurity practices implemented more often by standard growth companies, the study found, was anti-malware/firewall software and doing data backups.
How to get into a hyper-growth security mindset
Going through Beyond Identity’s report, a narrative began to emerge: Hyper-growth companies prioritize security, and when breaches inevitably happen they respond quickly to implement changes.
The use of password managers is far more common at hyper-growth companies (unfortunately so are a lot of other bad password habits), and hyper-growth organizations are also far more likely to require frequent password changes. Both of those actions help reduce an organization’s attack surface, but cybercriminals don’t seem to care: hyper-growth companies are still breached more often, the report found.
Interestingly enough, despite being breached more often and losing just as much financial data as slower-growing companies, hyper-growth companies only lost an average of $20,000 to $25,000. Slower growth companies saw their average attack cost between $34,000 and $119,000, by comparison.
“Companies should not wait until a breach occurs to implement safety protocols; however, this is often the reality,” the report said. Here’s where a stark difference emerges between hyper-growth and slower growth companies: The hyper ones take immediate action.
SEE: Google Chrome: Security and UI tips you need to know (TechRepublic Premium)
Seventy percent of hyper-growth companies implemented employee cybersecurity education programs after a breach, while only 45% of standard growth companies did so. Sixty percent of rapid-growth companies backed up their data, while 64% took steps to secure their hardware. Of those reporting standard growth, only 47% and 46%, respectively, did the same.
Hyper-growth companies were also far more likely to create a security-focused culture and invest in cybersecurity insurance, which may be part of the reason behind reduced breach costs.
The takeaway here is, regardless of whether you’re trying to prevent a breach or respond to one, the best method seems to be taking an aggressive, proactive stance to protect your organization and its people.