Cybercrime widely under-reported, ISACA study reveals

Only a third of organisations confident in their ability to detect and respond to threats

Phishing, malware and social engineering top the list of prevalent attack types for the third year in a row.

Cybercrime remains widely under-reported, with only half of all survey respondents certain that enterprises are reporting cybercrime, says a new report by ISACA.

Equally concerning, only a third of organisations are confident in their ability to detect and respond to threats, the State of Cybersecurity 2019 Report reveals.

“Underreporting cybercrime—even when disclosure is legally mandated—appears to be the norm,” said Greg Touhill, Brigadier General (ret), ISACA Board Director, president of Cyxtera Federal and the first US Federal CISO.

ISACA surveyed more than 1,500 cyber security professionals around the world, in a study sponsored by HCL.

The highest levels of confidence are correlated with teams that report directly into the CISO, and the lowest levels are correlated with teams reporting into the CIO. According to the study, 43% of respondents say their teams report to a CISO, while 27% report to a CIO.

“What we can conclude from this year’s study is that governance dictates confidence level in cyber security,” said Frank Downs, director of ISACA’s cyber security practices. “When the cyber security team reports directly to a designated and experienced cyber security executive, team leaders have significantly more confidence in their teams’ capability to detect attacks and respond effectively.”

The survey indicates that enterprises often experience confusion when structuring cyber security with information technology. The survey report points out that a CIO’s main goal is managing and implementing information technology, which is substantially different to securing and protecting it.

Phishing, malware and social engineering top the list of prevalent attack types for the third year in a row. Ransomware, however, is significantly down from 2018, with 37% of organisations reporting that they experienced ransomware in last year’s study, compared with 20% this year.

Just under half of organisations report an increase in cyber security attacks on their organisation this year, and 79% say it is likely they will experience a cyber-attack next year.
