A recent study conducted by McKinsey and World Economic Forum reveals that many executives do not have a favorable outlook on their capability to sideswipe cybercriminals.
The study also finds that just like small businesses, big businesses also lack the ability to take major decisions, and they struggle a lot to quantify the effect of risk and what should be resolution plans. Much of the damage are caused due to inadequate and ineffective response to a breach rather than the breach itself, the study authors said.
The study involves over 200 business leaders who hold positions from chief information officers, law enforcement officials, policy makers, IT regulators and technology vendors from Americas to Europe, Asia to Africa and also from the Middle East.
The impact of cybercrimes is extremely huge and the cost of such attacks or breach can hit trillions of dollars mark.
The respondents, mostly decision makers, were extremely concerned with the growing trends of hackers, their methods and eventually the fallouts of such attacks. Some of the research findings include:
- Over 50% of respondents, and 70% of financial executives, believe that cybersecurity is a big risk. Some executives believe employees are equally a threat just like those who work from external setups.
- Majority of executives think that cybercriminals would always be a step ahead of corporate security defenses. 60% of them think the gap between cybercriminals and corporate security system will further increase, with hackers being in the lead.
- Leaking of proprietary data remains one of the biggest concerns for businesses which sell products directly to consumers and businesses.
- The service companies are, however, much more worried about the leaking of their customers’ sensitive private data and the threat of disruptions in their service.
- Big organizations, according to the McKinsey study, have reported cross-sector gaps in their risk-management competency.
- Some business firms are spending a lot of money on defense However, most of them don’t have the technical sophistication for risk-management. It was found that only a few companies spend little on defense, but they were pretty efficient at taking risk-management decisions. The study states that large companies do not always mean better defense. There is always room for improving their risk management capabilities.