The Chamber’s 2018 regional cybersecurity report, “The State of Cybersecurity in Central Virginia,” is now available. The Chamber thanks Advanced Network Systems for co-sponsoring this report and for contributing their time & expertise to educate the community about cyber risks.
This report provides insights into: (a) the perceptions of regional business owners, executives and other professionals, regarding the state of cybersecurity threats in general and, (b) how their organizations are prepared to combat the growing number and variety of attacks. This year’s information was compiled from survey responses of 110 participants, from organizations with employee headcounts from less than 50 to over 1,000. Survey respondents came from both the Chamber membership community and the regional community at large.
Industry analysts are unanimous in their assessments that, when it comes to the volume, prevalence and sophistication of cyberthreats, we are moving into an evermore dangerous year to come. We know that cyberthreats, and their negative impact on organizations, are a global issue; but they are also a local issue. Regardless of industry sector, geographic location, or size, all organizations must increase their cybersecurity focus to protect their data, operations, and reputation.
Among respondents, 53% reported being the victim of one or more attacks within the past five years. This figure is down slightly from last year’s reporting of 57% and remains generally in line with statistics reported for small and medium-sized organizations overall.(1) Of note is the number of “Don’t Know” responses to this question which rose from 7% in 2017, to 18% in the current year.
Once again, 2018 respondent’s perceptions of the dangers and risks cyberattacks pose in general, appear to be incongruent with what they believe actually applies to their own organizations. In terms of turning cybersecurity threat awareness into action, responses continue to suggest a disconnect between what respondents know is “possible,” and what they think is “probable” within their own operating environments.
An example of this is that 79% of respondents reported that they believe cybercrime will be a bigger threat to organizations overall in the coming year (up from 72% in 2017). Yet, at the same time, 81% of respondents believe cybercrime is only a moderate or low risk to their organization (on par with 82% in 2017). The disconnect is further emphasized when we see that 64% of respondents reported that their security budget won’t increase in the coming year while, at the same time, only 36% reported feeling either very confident or extremely confident about being able to defend against an attack.
In terms of the predicted business disruption caused by a cyberattack, 40% of respondents felt it would take more than a day to recover from a cyberattack (down from 44% in 2017), with an additional 23% unsure about how long a recovery would take (up from 14% in 2017). Overall, the responses to this question may be overly optimistic given that Intermedia’s latest ransomware report found that almost two-thirds of organizations could not access their data for at least two days following an attack, and 32% lost access for five days or more.(2)
When responding to the question of what the biggest obstacles are to improving cybersecurity defenses, 39% of participants responded: uncertainty over the right solution (up 27%), 31% said lack of budget (up 10%), and 30% responded a lack of understanding of exposure and risks (up 16%).
Two new questions posed this year revealed that only 33% of respondents reported having a cyber liability insurance policy. Also, of note, is that 81% of participants responded that they would like to see The Chamber do more to inform, educate and otherwise support their cybersecurity efforts.
(1) Verizon 2018 Data Breach Investigation Report