Less than one-fifth (17%) of cyber leaders feel confident that their organizations are cyber-resilient, according to the World Economic Forum (WEF)’s inaugural Global Cybersecurity Outlook 2022 report.
The study, written in collaboration with Accenture, revealed there is a wide perception gap between business executives and security leaders on the issue of cybersecurity. For example, 92% of businesses believe cyber-resilience is integrated into their enterprise risk-management strategies, compared to just 55% of cyber leaders.
This difference in attitude appears to be having worrying consequences. The WEF said that many security leaders feel that they are not consulted in security decisions, and only 68% believe cyber-resilience forms a major part of their organization’s overall corporate risk management.
In addition, over half (59%) of all cyber leaders admitted they would find it challenging to respond to a cybersecurity incident due to a shortage of skills within their team.
Supply chain security was another major concern among cyber leaders, with almost nine in 10 (88%) viewing SMEs as a key threat to supply chains.
Interestingly, 59% of cyber leaders said cyber-resilience and cybersecurity are synonymous, with the differences not well understood.
The report, compiled of various sources, including a survey of global cyber leaders, also looked at the surging ransomware threat. Four in five (80%) cyber leaders said they considered this vector a dangerous and evolving threat to public safety, while 50% indicated ransomware is one of their greatest concerns.
Jeremy Jurgens, managing director at the WEF, commented: “Companies must now embrace cyber-resilience – not only defending against cyber-attacks but also preparing for swift and timely incident response and recovery when an attack does occur.”
Julie Sweet, chair and CEO of Accenture, stated: “Organizations need to work more closely with ecosystem partners and other third parties to make cybersecurity part of an organization’s ecosystem DNA, so they can be resilient and promote customer trust.
“This report underscores key challenges leaders face – collaborating with ecosystem partners and retaining and recruiting talent. We are proud to work with the WEF on this important topic because cybersecurity impacts every organization at all levels.”
While broadly welcoming the new annual report, Ed Williams, director of Trustwave SpiderLabs EMEA, believes future editions can expand in focus. “If I were to criticize the report, I would have liked to see more detail around security fundamentals and appropriate mitigations; while patching is acknowledged as an issue, greater focus on its importance would be useful. Similarly, passwords and MFA, key components to a robust security program, were found to be missing. Broad level mitigations will help mitigate a large number of attacks/ransomware,” he outlined.