High-Profile Incidents Have Made Boards Cyber Savvy

Written by

Global boards have become more aware of cyber-threats thanks to the devastating effect of high-profile ransomware incidents last year, new research from SentinelOne has revealed.

The security vendor polled 500 businesses in the UK, US, France and Germany to find out more on attitudes to cybersecurity at the top decision-making level.

Half of all respondents claimed that visibility of cyber-threats had grown at a board-level thanks to the impact attacks like WannaCry and NotPetya had on the bottom line of major multi-nationals in 2017.

NotPetya was perhaps most notable in leading to estimated losses of $300m at Danish shipper Maersk, $300m at FedEx subsidiary TNT and in the region of £100m ($132m) at UK Nurofen-maker Reckitt Benckiser.

However, WannaCry also caused significant damage, causing an estimated 19,000 cancelled operations and appointments at the NHS, further raising the profile of such attacks at a senior level.

The good news is that 54% of respondents told SentinelOne that there is now more chance of their boards releasing funds for employee training and awareness programs, while 43% claimed there’s more money in general for cybersecurity.

Over three-quarters (79%) also said their organization is getting better at combating ransomware.

However, ransomware reporting continues to be a challenge, with only 49% of organizations notifying police of attacks over the past year, down from 54% in the 2016 report.

This tallies with figures from the FBI, which revealed in May that it received just 1783 ransomware complaints last year, linked to losses of only $2.3m — a big drop from the 2673 reports it processed in 2016 and the 2453 from 2015.

Nearly two-thirds (62%) of respondents told SentinelOne they want to see more resources for law enforcers to catch cyber-criminals, but without accurate reporting police will struggle.

Interestingly 75% of UK respondents claimed they want to see greater international co-operation between countries to protect against attack, exactly the reverse of what will happen after Brexit.

There's no mention of the UK participating in a new EU cyber-response force announced this week, for example.

What’s hot on Infosecurity Magazine?