According to Willis Towers Watson and ESI ThoughtLab, the vast majority of companies (87%) consider untrained staff their greatest cyber risk. Untrained staff is also believed to be one of the categories where the least progress has been observed.
The research also identified the most common types of attacks, which are:
- Malware/spyware (81%);
- Phishing (64%);
- External unsophisticated hackers (59%);
- Cyber criminals (57%).
Moreover, according to the survey, a company’s threat perception varied based on the firm’s cyber security awareness. Namely, those who give a lot of attention to cyber security focus more on “Hacktivists” (52%) and malicious insider threats (40%), while cyber security beginners spend more time focusing on external threats (42%), such as partners, vendors, and suppliers.
In addition, regarding cyber resiliency, or processes after a cyber incident, cyber security leaders invest more in cyber resilience than their beginner counterparts: leaders spend 18% of the cyber budget on recovery, while beginners spend 14%.
The study also found some other key highlights, which are as follows:
- 91% of cybersecurity leaders feel their investment is enough to meet their needs;
- 33% of cybersecurity beginners view their investment as enough to meet their needs;
- 73% of companies plan to use behaviour analytics as a cyber security tool over the next two years;
- 80% of companies have at least a small amount of cyber security insurance.
Commenting on the study, Anthony Dagostino, global head of cyber risk, Willis Towers Watson, mentioned:
"Leaders in cybersecurity are devoting significant resources towards protecting IT and risk functions within their organisations against external threats, but employee processes and training as well as corporate culture play a more integral role than many realize."
You can see the full report in the PDF below.