With the volume of cyber-attacks continuing unabated, security has become a boardroom concern with most companies preferring to have in-house security management
According to Radware’s 2017 Executive Application & Network Security Survey, a majority of corporate leaders also voiced support for automated security systems and sought governmental intervention to address security concerns. Radware conducted a global survey of 200 C-suite executives in the US and Europe to understand their greatest challenges, threats, and opportunities relating to cyber security. The survey reiterates the finding that increasingly complex and fast-changing security threats have ensured that security remains a top C-suite priority.
CYBER SECURITY PERCEPTIONS AND REALITIES
In an era of fast-paced digital transformation and shifting regulatory landscapes, C-suite executives are leading organizations with definite views on risks and security. They no longer consider cyber threats as discrete, technology-related risks but business threats that can undermine their ability to operate and to compete successfully. In particular, executives appeared troubled about the potential impact of security threats, including negative customer experience, as well as losses to a company’s brand reputation and revenue. Among the top threats dominating their mindscape, three in five executives claimed that malware, bots or ransomware attacks would be very detrimental to their business. A significant number of executives indicated that the following threats made them fret: web application attacks, distributed denial-of-service, advanced persistent threats, and socially engineered attacks.
For most organizations, cyber security continues to be the number one driver when it comes to digital transformation. Although businesses have shown the propensity to automate their security, threats have become incredibly dynamic in recent times. Despite the pressures of such hazards, automated detection and mitigation solutions have adapted to the changing nature of threats. In fact, this year’s executive survey reveals that security automation has now reached an inflection point—with about four in five of the executives reporting that they have already implemented automated solutions.
There is also a growing propensity in Europe and less so in the US to engage hackers for vulnerability testing. One of the reasons behind hiring hackers could be rooted in the belief that they are more likely to be agile and creative in identifying vulnerabilities. Among the most common tasks that hackers undertake is, testing the effectiveness of network security systems, network infrastructure, databases, mobile services and web properties among others.
“GOVERNMENTS SHOULD DO MORE”
It is a common refrain among executives that the government should do more to protect personal information. Although Europe is committed to privacy due its adoption of EU GDPR, the current legislations are inadequate. About 67% of executives believe that privacy is compromised by current privacy laws and legislation related to information security, and 83% of executives say that government should do more to protect privacy. However, starting May 25, 2018, GDPR shall provide protection concerning the processing of personal data and the free movement of such data. Whenever a company wants to trade or do business with one or several of the EU member states, it will have to prove adequacy. This makes GDPR a global, worldwide regulation affecting organizations and businesses around the globe—and that is poised to have a huge impact on the competitiveness of US companies in EU markets. While the EU and, in all likelihood, the post-Brexit UK, are tightening the reins on consumer privacy protections, the US seems to be headed in the opposite direction. How these competing forces will combine to safeguard security remain to be seen.
PREFERRED APPROACHES TO SECURITY
Given the complex challenges of digital transformation, changing regulatory landscapes, highly dynamic cyber threats—and equally adaptive security solutions—how are companies around the world managing cyber security? Do they prefer in-house security or support from their ISP or services through a dedicated security partner? More than half of the executives surveyed reported a preference for managing cyber security internally.
About one-third (32%) say that they count on a security provider (such as their ISP or carrier), while 14% lean on a dedicated security vendor. After probing executives on the composition of their security teams, the survey found that most rely on either proven technical talents within their organization (42%) or third-party experts with long-track records in IT (36%). Just 5% count on white-hat hackers, while 12% use some combination of all three types of resources. Compared to just 1% of European companies, about one in ten US corporations has no in-house security team.
The research showed that cyber security continues to dominate the agenda of executives around the globe. It also revealed important global trends as well as intriguing perceptions and nuances among the US and European executives. For instance, the attack trends were global in nature; however, compared to US executives, European leaders were more likely to report having experienced an attack. It does not mean that it is the result of fewer attacks in the US. Rather, it likely reflects cultural differences in how front-line security teams report to their C-suite.