- Businesses are losing confidence in their ability to understand, assess and measure cyberthreats, according to Microsoft's 2019 Global Cyber Risk Perception Survey of more than 1,500 business leaders. Confidence in the ability to assess and understand cybercrime dropped from 18% to 9% in 2018.
- Only 11% of firms feel a "high degree of confidence" in their cyber resilience, accoridng to the survey. Half of respondents said cyber is never a "barrier" for innovation, yet nearly one-quarter of respondents said risk outweighs the potential risk of new technologies.
- Confidence is in part rattled by the inability to prevent or mitigate risks presented by business partners. At most, 15% of firms have some level of confidence in supply chain threat mitigation. About 43% of firms have "no confidence" in protecting their businesses from risks from their commercial partners.
Innovation is a hacker's paradise because mistakes are inevitable. It doesn't help that the priorities of a business and its security organization are often unaligned.
"Security is always the last to know," said Amy DeMartine, VP and research director at Forrester, while speaking at Forrester event in National Harbor, Maryland last week. "It's unmotivating and frustrating."
The majority of CEOs, 62%, say the risk of cyberattacks will hinder company growth, according to DeMartine. But a disconnect between product growth and security persists.
"Developers have no idea ... their whole goal is to get their genius out to customers," said DeMartine.
To maintain the pace of development and the "always-on" expectation of IT, 94% of CIOs and CISOs say they implement practices that compromise protection, further fueling the degradation of confidence, according to a Tanium survey.
The CISOs able to make a breakthrough in the C-suite are the ones able to place a monetary value on specific areas of risk in the infrastructure. However, the companies that have managed to break security out of its silo, adopt a shared security model and invest in its strength might feel lower confidence for another reason.
Microsoft theorizes the low confidence levels stem from low-impact effects of their otherwise "ever-increasing" cybersecurity investments. The cybersecurity market is expected to reach beyond $124 billion this year, while the cost of cybercrimes soars at about $1 trillion, according to the report.