Business digital transformation and cyber security threats have outpaced enterprise security capacity, a survey has revealed
An average of 40% of organisations experienced five or more significant security incidents in the past 12 months, according to the survey report by digital threat management firm RiskIQ.
The most cited external threats included malware, ransomware, phishing, domain and brand abuse, online scams, rogue mobile apps, and social impersonation.
In the face of these threats, 70% of respondents said they had little or no confidence in reducing their digital attack surface, expressing the least confidence in threats against web, brand and ecosystem assessment.
The majority of those surveyed are aware some of their digital security measures are immature or ineffective, with only 31% expressing high confidence in the likelihood their organisations can mitigate or prevent digital threats despite all respondents increasing their near-term digital security spend.
More than half of survey respondents expect their near term digital defence investment to increase between 15% to 25% or more.
Correspondingly, nearly half of respondents view cyber threat intelligence as ‘very important’, and all respondents saw cyber threat intelligence tools as being ‘very important’or ‘somewhat important’- especially in fortifying research and reducing time to respond to external threats.
However, confidence in capacity to address digital threats appears to be higher in the UK, with UK respondents seeing more value than US counterparts in the ability for cyber threat intelligence and digital threat management tools in reducing time to remediate threats.
In terms of industry sectors, the survey shows digital threat management appears more progressive among organisations in financial services, manufacturing and consumer goods in terms of overall expenditure.
Larger companies felt they were better able to update control systems and collaborate across departments perhaps showing the benefits of scale and smaller companies felt best able to inform others about the status of external attacks, perhaps reflecting the benefits of having a smaller base to worry about.
Nearly a quarter of healthcare and pharmaceutical respondents felt little to no confidence in their ability to assess digital risk.
Outsourcing the cyber security risks
In an attempt to mitigate the cyber security risks organisations are outsourcing a third of digital threat management tasks to managed security service providers (MSSPs), and outsourcing looks set to grow by nearly 13% in compound annual growth rate by 2019.
The survey shows the UK is growing faster in its plans to outsource digital threat management tasks to MSSPs, with an expected year-on-year growth rate for the UK of 17% compared with just 11% in US.
‘The independent research provides a useful litmus test for the level of exposure, controls and investment regarding external web, social and mobile threats among global industries,’ said Scott Gordon, chief marketing officer at RiskIQ.
‘The findings validate the need for enterprises to leverage cross-channel intelligence, automation and resource optimisation as they build out digital defences to reduce operational and reputational risk.’