Security incidents at companies have become routine news items. Motherboard actually runs a recurring feature on them called “Another Day, Another Hack.” It’s that common.
It would be naïve to assume there’s one thing driving this apparent increase in corporate cyber attacks. For example, the effects of digitalization on businesses is certainly significant. But there are lots of resources companies can use to manage the risks that come with relying on more complex networks and online services.
So what’s behind all of these incidents? Well, companies are typically built and maintained by people. So it makes sense to look there for answers.
We ran a small but focused survey with participants from 26 companies to hear their thoughts on cyber security. Based on their responses, we highlighted four of the most common “excuses” on why companies don’t see cyber security as being more of a priority.
Many of these excuses seem relatable. But they’re all poor substitutes for actual cyber defenses. How would customers, shareholders, colleagues, company owners, and the public react when you respond to a data breach with something like “paying for security is like buying expensive insurance, and there’s little need, since we’ve had no incidents,”?
I wouldn’t be impressed with an answer like that. Prioritizing the implementation of a cyber security strategy that protects critical assets and data is a better approach. And with many countries beginning to usher in new regulations with strict disclosure guidelines and heavy fines for poor security practices, you probably don’t want to bet on those excuses protecting your company from the costs that come with security incidents.