Researchers Say Businesses Think Their Cybersecurity is Better Than it is
For those of in the cybersecurity industry this is not a big surprise.
MxD is recognized as the National Center for Cybersecurity in Manufacturing by the Department of Defense and they conducted some interesting research.
They conducted a survey of 750 manufacturing firms in several industries, including both big and small companies. Here is a brief summary of some of what they found.
- Only 43 percent of firms have a cybersecurity leader and that number drops to 35 percent for small and medium size firms.
- While 68 percent of manufacturers have cybersecurity requirements in contracts, only 31 percent, by their own admission, rate these as comprehensive.
- 82 percent of manufacturers plan to raise their cybersecurity spending in the next budget cycle.
65 to 90+ percent of the respondents say they are confident in their cybersecurity practices as is shown in the chart below.
On the other hand, only 14 to 22 percent consider the cybersecurity policies comprehensive, again as is shown in the chart below.
Another example is roles inside companies required to complete cybersecurity awareness training. Executive leadership should be leading, but based on the chart below, that is not the case. Less than half of finance people are trained in cybersecurity principles across all sectors, even though that is a leading attack target – your money.
These are just a couple of examples from the report. The bottom line is that most companies are looking at cybersecurity through rose-colored glasses and this is why regulators and government agencies like the Department of Defense are resorting to very expensive and cumbersome third party assessments.
You as a business leader have two choices. You can wait until the government forces you to improve your cybersecurity program. New York, earlier this month, did just that for large hospitals, as an example. Or, you can be proactive and get ahead of the hackers.
I do think I am probably preaching to the choir here since a large percentage of the readers of this blog are our customers, meaning that you ARE the proactive group. But just in case you are not already one of our customers, please contact us. It is never too early to start on your cybersecurity improvement journey. And, it is also never too late.
You can read the entire report here.