Security is missing in the ‘new normal’!

International audit and consultancy company EY has announced the results of the Global Information Security Survey (GISS), which examines the preparations and investments of the business world against cyber security threats and attacks. The research created as a result of the survey conducted with the senior managers of more than a thousand companies around the world. It includes findings on companies operating in the financial services, consumer products and retail, health and life sciences, energy, technology, media, entertainment and telecommunications industries. According to the research; the new working models that emerged as a result of Covid-19 also make companies vulnerable to cyberattacks, which are increasing in number and becoming more complex due to under-invested cybersecurity systems.

More than half (56%) of cybersecurity executives surveyed admit that their companies are ignoring some of their cybersecurity processes in order to meet the new requirements for remote and flexible working. 43% of executives say they are more concerned than ever about their company’s ability to manage cyber threats, and 77% say they have seen an increase in the number of cyberattacks such as ransomware over the past 12 months. EY Turkey Consulting Department Partner and Cyber Security Services Leader Ümit Yalçın Şen said that: “The transition to new working models without closing cyber security gaps creates significant risks, especially considering that many companies will make these new applications permanent in the post-pandemic period. Recent ransomware incidents show that necessary actions must be taken.”

Budgets do not meet the needs

According to the research; despite the rise of cybersecurity threats, cybersecurity budgets remain low compared to overall IT spending. The companies surveyed averaged 11 billion USD in revenue last fiscal year, but only spent 5.8 million USD on cybersecurity. 39% of executives say their cybersecurity budget is below what is needed to manage new challenges that have emerged over the past 12 months. Again, 39% say that cybersecurity spending is not sufficiently included in strategic investments such as IT supply chain transformation. And 36% believe it is only a matter of time before their company is hit by a major cyberattack that could have been prevented if adequate investment in cybersecurity defense was made.

Relationships between cybersecurity leaders and other functions within the organization also seem to need to be strengthened. 41% of cybersecurity leaders describe their relationship with the marketing function as negative, and 28% describe their relationship with company owners as weak. 2020 research results showed that 36% of executives had confidence that their cybersecurity team would be consulted when planning potential new business initiatives. However, this rate dropped to 19% in 2021.