CEOs across the world are facing a broad and complex set of risks to their business. ‘Unusual' is the new ‘business as usual'. Leaders are dealing with unforeseen events from the global pandemic to war in Europe to an increased number of natural disasters. However, whilst grappling with the challenges of operating a business in 2022, business leaders must keep another threat far less visible on their risk radar, cyberattacks.
In today's data and technology-driven business environment, fast-tracked by an increase in hybrid working, organisations are increasingly vulnerable to an attack. Cybercriminals see this as an opportunity to exploit these vulnerabilities and gain access to sensitive information. As a result, businesses need to take a fresh look at their cybersecurity measures and ensure they are up-to-date and effective.
HLB International is a global network of independent advisory and accounting firms with over 38,000 members in 157 countries. The HLB Digital team helps organisations prepare for and protect against cyber threats, to minimise risk. To ensure HLB can provide the best possible advice and service to its people, each year HLB survey IT professionals from around the world on the pressing issues facing the cyber landscape.
This year's HLB Cybersecurity Report 2022 focusses on the hidden risks in cyber-defence and lays the foundation for effective cybersecurity risk mitigation. In September 2022, HLB surveyed 753 senior IT professionals via an online questionnaire. The feedback was eye opening and shows that there are still considerable knowledge and competency gaps when it comes to effective cybersecurity.
Delving into the results, human behaviour was seen as the greatest barrier to cybersecurity with most data breaches being linked to human error. Whilst only 7% of respondents surveyed as part of this research believe there has been a decline in cyberattacks over the past 12 months, an astonishing 78% expressed concern that their organisation is not fully prepared for an attack.
"Our research has shown that digital transformation has changed the way we work. In many cases this has opened us to a greater risk of cyberattacks due to the pace of technology adoption, resulting in a lag in training, awareness and contingency planning. Businesses, now more than ever, need to invest in more robust frameworks and training programs to protect their employees and the longevity of their business from the negative impacts presented by the ever-evolving cyber-environment" Abu Bakkar, HLB's Chief Innovation Officer
Below are further findings and possible solutions from the HLB Cybersecurity Report 2022:
Skills Shortage
Employers are struggling with a labour market where access to talent has become challenging. When it comes to recruiting for strong cybersecurity skills this is no different. 85% of respondents see these skills shortages as a risk to cybersecurity. Similarly, 70% of respondents are also concerned about the lack of training on the subject. The combination of the rapid speed of technological advances, as well as the demand for people with technical data security backgrounds, has created a shortage of such skills. Continued learning is a must. There needs to be agreement from leadership that developing strong cybersecurity defence capabilities is an essential part of the business and needs investment. Organisations also need to look at more holistic approaches to employee retention which will help to keep cyber-talent in-house.
Cloud vulnerabilities and advance technology
Hybrid working, enabled by cloud capabilities and the ever-evolving flow of advanced technology, all makes for a cyber-environment that is difficult to control. Although 81% expressed concern over cloud vulnerabilities, it is here to stay. Migrating technology to the cloud is something HLB does for clients and provides awareness training and best practice implementation along the way. For a business to survive today, it is imperative to invest in cybersecurity and ensure there is a continuity plan in place for the likelihood of a future attack.
Human behaviour
The report found that 77% of respondents felt there was a lack of cybersecurity awareness from their staff. Whilst human behaviour takes time to change this is not the case for cyberattacks which keep evolving at a fast pace to become more sophisticated. Hybrid and remote working have made employees easier targets. To change the human psyche, there needs to be an emphasis on constant training and internal awareness about the cost of vulnerability, demonstrating the negative impact of the data breaches and business disruption caused by cyberattacks.
"Cybersecurity is one of the biggest threats to our society today and it is worrying that so many respondents are not prepared for a cyberattack. You cannot wait for an attack to then prepare for the next one. Businesses need to be meeting with cyber professionals to figure out how to exercise best practice to ward off an attack. Plans are only part of the preparation, human implementation is crucial, you must continually test existing cybersecurity procedures, running penetration tests and drills. Only through doing all this, can your business continue to thrive for the long-term." Jim Bourke, HLB Global Advisory Leader
We live in a world full of distractions and challenges. The list of economic, social and environmental issues for business entrepreneurs is growing every day but cybersecurity needs to be at the top of that list. Businesses can't control the economy, but they can control their cybersecurity position. Stand ready. A cyberattack is imminent, it is not a question of if, but when. Engage cyber specialists, implement a framework, and continue training in cyber-education.
Check out the Cyber Security Report 22 to read more on best practice. The report also contains a framework to help you further develop cybersecurity capabilities so your organisation can better prepare for an attack. You can thank us later!