Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites.
Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. For avoidance of any doubts and to make it easier, you may consider any links to external websites as sponsored links. Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.

SIXTY-THREE PER CENT OF C-SUITE MORE CONCERNED ABOUT PAYING FOR THE COSTS OF A CYBERSECURITY BREACH THAN LOSING CUSTOMERS, SAYS NEW STUDY

Centrify research finds two-thirds of UK organisations admit that privileged identity and access management would have most likely prevented significant breaches

For UK senior executives who admit their organisations have suffered at least one significant cybersecurity breach within the past two years, the associated costs of a breach are considered the most important consequence. This is according to a new study by Centrify, a leading provider of Zero Trust Security through the power of Next-Gen Access, commissioned through Dow Jones Customer Intelligence.

Nearly two-thirds (63 per cent) of respondents in the UK believe investigation, remediation and legal costs are the most important consequence of a breach, followed by disruption to operations (47 per cent) and loss of intellectual property (32 per cent). They showed less concern for impact on brand, including loss of customers (16 per cent) and damage to the company’s reputation (11 per cent).

The study of 800 senior level executives, including CEOs, Technical Officers and CFOs in the UK and US, also indicates that there is confusion among the C-suite about what constitutes a cybersecurity risk and what needs to be done to prevent it. In the UK, malware is seen as the biggest threat to an organisation’s success among 44 per cent of respondents, compared to just 24 per cent who point to default/weak or stolen passwords and 29 per cent who blame privileged user identity attacks. However, of those organisations that experienced at least one significant security breach in the past two years, just 11 per cent admit it was due to malware, while almost twice as many put it down to either a privileged user identity attack or the result of stolen or weak passwords (both 21 per cent).

In fact, 63 per cent of UK organisations that experienced a major breach admit that privileged identity and access management would have most likely prevented the breach. The Verizon 2017 Data Breach Investigation Report supports this, indicating that 81 per cent of breaches involve weak, default or stolen passwords. More than half (53 per cent) of respondents at breached organisations say audit trails for system accesses, and a quarter say training or awareness would most likely have stopped a breach.

According to the survey, the largest areas of cybersecurity investment over the next 12 months will be for malware (44 per cent) and phishing (38 per cent), while protection against stolen or weak passwords (33 per cent) and privileged user identity attacks (26 per cent) are investment priorities for fewer respondents.

Barry Scott, CTO EMEA at Centrify, explains: “It’s no surprise that the C-suite often points to malware as the biggest threat. Sensational headlines about major attacks could be to blame, which companies see and react to, often mistakenly, when in fact identity-related attacks – such as stolen or weak passwords, and attacks on privileged users within organisations – are the primary threat to cybersecurity today.

“What’s worrying is that they then look to invest money in protecting against malware, when in fact they should be focusing on the increase in identity-related attacks. Business leaders need to rethink their strategy with a Zero Trust Security approach that verifies every user and every device, and provides just enough access and privilege.”

CEO disconnect weakening security

A Centrify white paper accompanying the research points to a disconnect between CEOs and their technical peers (CTOs/CIOs/CISOs) in both countries when it comes to the most important cyber risks threatening an organisation, which could leave them vulnerable to breaches. View the study: https://www.centrify.com/resources/ceo-disconnect-weakening-cybersecurity