While cyber defence cost is increasing, just one in five cybersecurity leaders considers their organisation’s defence approach to be effective, said EY recently.
According to the EY 2023 Global Cybersecurity Leadership Insights Study based on a survey of 500 cybersecurity leaders worldwide, the annual spend on cyber defence hits US$35 million with median cost for a breach has increased by 12% to US$2.5 million in 2023 and expected to reach US$4 million.
However, it takes six months or longer to detect and respond to an incident according to 76% of respondents, survey results indicated.
“After all the time and money spent on cybers defence, organisations still feel very unprepared against cyber threats,” said Richard Watson, EY Global and Asia-Pacific Cybersecurity Consulting Leader. “The levels of dissatisfaction are more worrying when seen in the context of increasing geopolitical instability, economic uncertainty and the rapid adoption of emerging technologies that will push the number of incidents to even higher levels and see cyber adversaries continually evolve.”
Survey highlights
- Half of respondents appear skeptical about the effectiveness of the training that their organisations provide and just 36% are satisfied with the levels of adoption of best practices by teams outside the IT department.
- Those organisations that are more satisfied with their approach to cyber defence experience fewer cyber incidents and can detect and respond to incidents quicker have certain common characteristics.
- The 70% of “secure creators” identified in the study define themselves as early adopters of emerging technology, they focus on extracting the most value from specific advanced solutions, such as AI/machine learning (62%) and security, orchestration, automation and response (SOAR) (52%) that allow them to have a clear line of sight of cybersecurity incidents.
- Secure creators have specific strategies in place for managing attacks through multiple sources: their own cloud, their partners and through their supply chains.
- They appear almost twice as likely to be highly concerned about cyber risks from their supply chain (38%) and related risks, such as intellectual property protection (38%).
- Secure creators also embed cybersecurity thinking and training from the C-suite down to the workforce. Their approach is more likely to positively impact their pace of transformation and innovation (56%), as well as their ability to rapidly respond to market opportunities (58%) and to focus on creating value (63%).
