Companies with a compound annual growth rate (CAGR) of 40% or higher are more likely than companies growing at a standard rate to have suffered ten or more cybersecurity breaches, according to new research by Beyond Identity.
Researchers questioned 1102 employees, ranging from entry- and mid-level to business leaders, about cybersecurity issues within their organizations. The results showed a variation between companies that grow at a standard rate and companies experiencing hyper-growth (CAGR of 40% or higher).
While 62% of hyper-growth company employees claimed that their organization was proactive towards cybersecurity threats, only 61% backed up data, and only 55% encrypted data.
Fewer than half (48%) of the employees of standard growth companies said their organization was proactive towards cybersecurity threats. However, 66% said they back up data, and 53% said they encrypted data.
Fewer than half (44%) of all the respondents said they used anti-malware and firewall software, with 39% of hyper-growth companies taking these precautions compared with 42% of standard growth companies.
Secure hardware was used by 64% of hyper-growth companies but only 57% of standard growth companies.
Only 50% of respondents reported that their companies restrict network administration rights.
Asked about password security, 72% of hyper-growth company employees said they used a password manager app. However, 62% stored their passwords in a document on their computer, 41% stored them in a note on their phone and 46% wrote them down on paper.
Among standard growth company employees, 54% used a password manager app, 39% stored their passwords on their computer, 27% stored them on their phone and only 34% wrote them down on paper.
Nearly two-thirds of companies (62%) had experienced at least one cybersecurity breach. While 6% of standard growth companies had suffered between 6 and ten breaches, and 1% had experienced more than 10 breaches, 15% of hyper-growth companies had been breached five to 10 times and 5% had been hit on more than ten occasions.
The average estimated cost of an attack was $20k-$25k for hyper-growth companies and $34k-$119k for standard growth companies.
Following a cyber-attack, educating employees on cybersecurity was a measure taken by 70% of hyper-growth companies but just 45% of standard growth companies.