Digital transformation brings risk, exposing companies to higher and more costly cyber risks, according to a report by ESI ThoughtLab. The research firm conducted its study of 1,300 companies in collaboration with organisations from different sectors, including: Baker McKenzie, CyberCube, HP Inc., KnowBe4, Opus, Protiviti, Security Industry Association, Willis Towers Watson and WSJ Pro Cybersecurity.
Third parties also bring risks
The report found that firms whose cybersecurity practices do not keep pace with their digital transformation initiatives are more likely to see US$1 million or more in losses from a cyber attack. Embracing new technologies, such as adopting open platforms and connecting with the ecosystems of partners and suppliers, is likely to dramatically increase the risk of cyberattack. The report found that, while firms now report the biggest impacts from malware (81%), phishing (64%), and ransomware (63%), in two years they expect massive growth in attacks through partners, customers and vendors (247% growth); supply chains (+146%); denial of service (+144%); apps (+85%); and embedded systems (84%).
Untrained staff a threat
Surveyed companies see high risks from external threat actors, such as unsophisticated hackers (cited by 59% of firms), cyber criminals (57%), and social engineers (44%), but the greatest threat lies with untrained general staff (87%). Another 57% of firms see data sharing with partners and vendors as their main IT vulnerability. Nonetheless, only 17% of companies have made significant progress in training staff and partners on cybersecurity awareness.
“Companies need to make sure that their cybersecurity programs keep pace with their digital transformation efforts,” said Lou Celi, CEO of ESI ThoughtLab and director of the study. “Cybersecurity should not be an afterthought. It needs to be integrated into the fabric of an organization’s growth strategy.”
ESI ThoughtLab has more information about the study and white paper on its website.