The more “cyber security ready” a business becomes, the better its overall business outcomes. Unfortunately, many organizations worldwide are not cyber security-ready.
Those are among the key findings of the recent Global Cyber Readiness Barometer report from telecommunications provider Vodafone. The study is based on a survey of 3,281 consumers/employees and 1,528 business IT decision makers in nine countries, and found that nearly half (48%) of cyber security-ready businesses are reporting more than 5% increases in annual revenue as well as high stakeholder trust levels.
Despite this, the research also shows that only 24% of organizations globally could reasonably call themselves “cyber ready”. Cyber readiness, according to the report, is a mix of different measures that include cyber operations, cyber strategies, cyber resilience, an understanding of risk, and employee awareness.
As part of its research, Vodafone created a “Cyber Ready Index,” which assesses businesses across six criteria contributing to readiness levels and assigns an overall readiness score out of 100. This score is then used to categorize each respondent’s level of cyber readiness as basic, reactive, developing, proactive or advanced, with the latter two being classed as cyber ready.
On average, organizations achieved a score of just 46 out of 100 on the Cyber Ready Index. Smaller businesses (those with less than 100 employees) were the least ready, scoring 42 out of 100, with 20% demonstrating the lowest level of readiness. Overall, organizations’ ability to understand security risks—one of the six criteria that determine readiness—rated highly. About one third of the organizations achieved the highest readiness level in this category.
And yet, confusion about who can help handle security challenges is actually on the rise, the study said, with 46% of organizations agreeing that they are unsure of who can help with information security challenges. That’s up 5% in the year since the 2017 research.
Traditionally, cyber security has been thought of as a defensive strategy, the report noted, including building walls against known vulnerabilities to prevent future attacks and using forensic technology to clean up in the wake of breaches. Investment in cyber security was viewed as a necessary evil in the digital age. But the company’s 2017 research report uncovered a clear link between organizations with strong cyber security and greater business success.
“This countered the generally accepted narrative,” the latest report said. “In fact, those businesses [that] took a proactive approach to cyber security predicted financial benefits, greater customer loyalty and competitive advantage. We felt that this demanded investigation, so in 2018 we set out to question decision makers to see whether they realized those benefits and to corroborate this link between cyber and business success.”
The new report showed that the healthcare, technology, and financial services sectors are the most cyber ready, with retail and education the least ready. That could be a reflection of the fact that healthcare organizations and financial services firms are among the most heavily regulated when it comes to data protection.
From the perspective of geography, businesses in India, the U.K. and the U.S. are the most cyber ready, while the Republic of Ireland, Singapore, and Germany perform less well. As for company size, larger enterprises are most likely to be cyber ready, but can be hampered by management and control issues, according to the report.
The study also shows that there is a significant disconnect between what employers think their employees were doing and what is actually taking place when it comes to workplace technology.
For example, 43% of the respondents think employees use their personal smartphones for work, while in reality 63% of employees do so. And employers of all sizes offering remote working think a maximum of 46% of their employees work remotely, while 59% of employees report that they work away from the office.
The report shows that a common challenge for organizations is to align security and cyber policies more closely with employee requirements and behaviors. Employees understand their role in ensuring cyber security, with 47% of staff reporting that policies are followed. But most say there are some types of “work arounds” used. And 42% of workers say that policies actually hinder their efficiency.
While there is clearly a common desire for both employees and employers to do the right thing, there is a big discrepancy in understanding when it comes to security, noted Vodafone enterprise cyber security lead Maureen Kaplan. The research demonstrates that organizations need to create digital cyber security policies that are compatible with their workforce.