The results of the EY Global Survey on Information Security show that cybersecurity remains an important issue on the agenda of organizations
- 87% of organizations confirm they do not have enough resources to implement cybersecurity measures
- 77% of respondents currently have a basic level of cybersecurity tools
- 82% of executives do not consider cybersecurity as a strategic priority of the organization’s development
KYIV, 8 APRIL 2019. A year after a series of large-scale cyberattacks on organizations and mutual accusations by states of intervention in cyberspace, the EY Global Information Security Survey 2018-19 (GISS), “Cyber Security – More Than Protection?”, shows that cybersecurity remains an important issue on the agenda of organizations. A survey of more than 1,400 executives responsible for cybersecurity and risk at the largest international companies, with revenues of $10 million and higher, reveals the key issues in providing cybersecurity.
Survey results show that 55% of organizations do not consider the protection of information as part of a general business strategy. At the same time, 87% of organizations have a limited budget to provide the necessary level of cybersecurity. However, cybersecurity budgets are increasing: big companies plan to spend more on cybersecurity this year (63%) and next year (67%); for smaller companies the figures are 50% and 66% respectively.
The poll shows that 78% of large and 65% of small organizations believe that the information security function at least partially satisfies their needs, and only 8% of respondents believe that the function fully meets the needs of the company. The surveyed organizations continue to work on the implementation of the basic elements of cybersecurity, and are also looking for new approaches and tools.
All interviewed organizations implement digital transformation projects and increase their costs for the implementation of new technologies. The study found that this year organizations will invest the most in cloud computing (52%), cybersecurity analytics (38%) and mobile computing (33%).
Paul van Kessel, head of EY’s International Advisory Center of Risk Management, believes:
“Today, organizations are increasingly investing in new technologies within the framework of digital transformation programs, and although these technologies have created many new opportunities, they also create new vulnerabilities and threats. Organizations need to understand that building customer confidence is crucial for their transformation programs’ success. To build this trust, cybersecurity should be embedded in the DNA of the organization, that is to be an integral part of the business strategy”.
Dmitry Lazuchenkov, Senior Manager of IT Risk and Assurance, Advisory Department, EY Ukraine, states:
“For Ukrainian business, the active migration of large Enterprise IT solutions to cloud services and the execution of critical business operations in public clouds is still inherent. Flexibility and scalability of cloud solutions are attractive to companies, since they allow them to reduce costs and increase work’s speed and efficiency. Under high competition, cloud services providers are trying to cut costs by reducing investment in technical tools and staff skills needed for providing cloud solution secureness. This leads to the fact that cloud environments become more vulnerable to cybercriminals’ attacks. Therefore, the development of an integrated approach to the security of cloud solutions will be the main task for suppliers as it is one of the key criteria put forward by customers.
Cybercrime may cause a high level of loss for business. This encourages companies worldwide to look for opportunities to manage these risks from the outside. One of the available options is cyber risk insurance, therefore relevant proposals from insurance companies are expected to be a trend in 2019 in Ukraine.
The corporate sector is not the only target for cybercriminals. The state institutions of Ukraine should not forget about counteraction to cyber threats as well. The use of “soft power” in geopolitical conflicts, including fraud information activities, cyberattacks etc., has become a widespread phenomenon. Therefore, public sector enterprises should take steps to timely identify cyberattacks, and provide resources for effective information security risk management.”
Careless / uninformed employees are the greatest threat to organizations’ information security; most companies cannot identify all information security violations and incidents
The survey results show that the most serious threats to a company’s information security are unskilled or careless employees (34%), outdated security control tools (26%), unauthorized access to information (13%), and risks of using cloud computing (10%).
Most organizations (82%) are not sure if they can successfully detect information security violations and incidents. Among the organizations that suffered from incidents in the past year, less than a third (31%) say that the incident was recognized by the company’s information security service.
Cybersecurity is not a strategic direction of organization development; staff members responsible for the cyber security of the organization are not part of the board of directors
Organizations are convinced that the prevention of cyber risks and the development of cyber security is a prerequisite for success in the era of digital technologies. Thus, 70% of all organizations (73% of large and 68% of small) are confident in the high level of knowledge of senior management in the field of information security.
At the same time, 60% of organizations affirm that employees directly responsible for providing information security are not part of the board of directors. Only 18% of organizations state that information security is considered on an ongoing basis on the agenda of the organization’s strategic managers.
Van Kessel concludes: “We are firmly convinced that in the future, digital trust will be the basis on which the value for customers will be built. To achieve this, organizations must go beyond the understanding of cybersecurity as the problem just of IT and consciously implement security systems. This will increase cyber stability, which will give organizations confidence and new opportunities in managing cyber risks”.
For more information and to download the report, visit ey.com/giss.
Information about EY
EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.
EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit ey.com.
Senior Marketing Specialist, EY in Ukraine
+380 44 499 33 64