Companies are more confident of being able to detect and protect themselves from a cybersecurity threat but their plans to recover in the aftermath of one are inadequate, according to a survey by EY.

The level of confidence in being able to spot a sophisticated cyber attack is now at its highest since 2013, with half of those surveyed saying they would be able to do so. This is because corporates have been investing in cyber threat intelligence, continuous monitoring mechanisms, security operations centres (SOCs) and active defence mechanisms.

Need to improve cybersecurity strategies

The data uncovered some serious shortcomings in the cybersecurity strategies of many global companies. It showed that 57 per cent rate business continuity and disaster recovery as a high priority, but only 39 per cent are planning to invest more in it in the coming year. It also found that 42 per cent do not have an agreed communications strategy or plan in place in the event of a significant attack. Also, 86 per cent said their cybersecurity function does not fully meet their organisation’s needs.

The survey also found that:

• 64 per cent of companies don't have a formal threat intelligence programme or have only an informal one;
• 55 per cent do not have vulnerability identification capabilities or only have informal capabilities;
• 44 per cent do not have a SOC to continuously monitor for cyber attacks;
• 57 per cent have had a recent significant cybersecurity incident;
• 48 per cent cited outdated information security controls or architecture as their highest vulnerability – an increase from 34 per cent in the 2015 survey.

Increase in cyber theft of financial data

The graph below shows the top cybersecurity threats faced by global companies and in particular it shows there has been a 12 per cent increase in cyber attacks to steal financial information.

---

CTMfile take: This EY survey shows that many multinationals are just not prepared enough to deal with the aftermath of a cyber attack. It's an issue corporate treasury should keep an eye on, considering the rise in cyber theft of financial data and also bearing in mind that McKinsey recently published a study showing that cybersecurity is an area to which some CFOs are now giving more focus.