Many organisations are expecting the number of cybersecurity incidents to grow next year, but still aren't willing to purchase insurance and protect themselves, according to FireEye’s inaugural Trendscape Report.
Based on a poll of more than 800 CISOs and other senior executives in Europe, North America and Asia, the report says that 56 per cent of the respondents believe they’ll have more cyberattacks next year - with the UK result at 52 per cent.
However, this threat still isn't enough for companies to start covering their bases with cyber-insurance. Just half of all the global respondents said they had such a solution set up. In the UK, a third (32 per cent) of organisations said they aren't covered.
What’s also interesting is how these executives perceive GDPR fines. Even though they’re seen as ‘draconic’ among industry experts, the fines are the second least important concern for the respondents. Losing data was the biggest concern.
They are also worried about the lack of cybersecurity training, with 10 per cent of the UK’s workers having no training in the field whatsoever. Roughly the same number (11 per cent) of UK organisations have no incident response plans, either.
“One attitude that emerged which people should reconsider is letting compliance dictate security standards when actually they should be aiming for a higher level of protection,” said Eric Ouellet, Global Security Strategist at FireEye.
“For example, the report found that 29 percent of organisations had informal training programs on an ‘as needed’ basis that are focused on meeting core compliance requirements. It’s likely that the organisations which are taking a more comprehensive approach in this area and others are better equipped to deal with security threats.”