05/04/2021 | News release | Distributed by Public on 05/04/2021 13:10
Key Points:
The events of the past year have put a premium on cyber resilience strategies to keep businesses up and running. As companies have fast-forwarded their digital transformation, decentralized work and redefined customer engagement, they've exposed more of their business to cybercriminals, who've leapt at the opportunity. Companies that take an ad hoc approach to the problem are at a clear disadvantage.
Two statistics from Mimecast's new report, State of Email Security 2021 (SOES), underscore how businesses have gone virtual and sent cyber risk through the roof. Some 81% of companies have seen their use of email increase, as the primary means of both internal and external communications. At the same time, email-based security threats soared by 64%, remaining cybercriminals' preferred mode of entry for attacks ranging from data theft to ransomware.
Cyber Resilience Strategies Deliver
Were some companies more prepared than others? The SOES research shows that 44% have a cyber resilience strategy in place - a group we're calling the cyber-strategic companies. Nearly all the rest (54%) say they are at some stage of planning or rolling one out. (Mimecast's SOES webinar on May 6 will delve into the obstacles they face; you can register here to attend.)
Cyber resilience strategies enable companies to adapt to shifting cyber risk, anticipate and withstand attacks, and recover quickly should one succeed. Effective strategies continually engage people, policies, processes and technology throughout the organization. They cover a range of technology, risk management, contingency, continuity and compliance planning.
How have companies with cyber resilience strategies fared in the past year? SOES 2021 results indicate that cyber-strategic companies have performed better than their peers in areas including the following:
A Work in Progress
Even cyber-strategic companies realize that more progress is needed as the landscape continues to shift. And while the 44% of companies with cybersecurity strategies in place represent an increase over 30% of companies in 2017, that leaves more than half today without a strategy. Meanwhile, 60% of all companies surveyed expect increasingly sophisticated attacks and 52% see a growing volume of attacks in 2021.
Notably, the risk of human error is frustrating even the cyber-strategic companies, who expect employees - especially those working remotely - to create vulnerabilities through errors using their personal email (72%) or 'shadow IT' such as unauthorized applications (66%). This, despite their more frequent security awareness training, which 46% of cyber-strategic companies conduct monthly or more frequently ('on an ongoing basis') versus 23% of respondents without a cyber strategy in place.
Innovation and automation are among the chosen approaches for many cyber-strategic companies to keep improving their resiliency. For example, half said they currently use advanced technologies such as artificial intelligence or machine learning to improve security, compared to 38% of all respondents. Cyber-strategic companies are also ahead of the pack in using the Domain-based Message Authentication, Reporting & Performance (DMARC) protocol to verify emails, as companies have awakened to the need to protect their brands online. Some 43% of them already use DMARC, compared with 26% of all respondents.
In addition, security leaders are working more closely with business teams to increase resilience, according to a new survey from PwC Research. 'Going forward, a key factor for most organizations will be the orchestration of separate business continuity, disaster recovery and crisis management functions,' the group said.[1]
The Bottom Line
Many companies are stepping up their strategic thinking on cyber resilience and beginning to see it pay off. Yet more than half are still planning or rolling out their cyber resilience strategies. You can learn from your cyber-strategic peers' progress in Mimecast's recent SOES report and its upcoming webinar on May 6.
[1]'Global Digital Trust Insights Survey 2021,' PwC
Get all the latest news, tips and articles delivered right to your inbox
You will receive an email shortly