Payments Awards

Quarter of business leaders do not understand cyberattacks

Written by Mark Evans
12/12/2017

Research revealing the widening gap between digital transformation and business understanding of the risks has been published by CA Veracode, showing that a quarter of business leaders have no understanding of cyberattacks.

Securing the Digital Economy highlights how the investment in software and digital transformation is accelerating, with around one in five business leaders indicating that their software budget had increased 50 per cent or more over the past three years to support digital transformation projects. However, this has not translated to greater security budgets or awareness of the security risks with only half of business leaders surveyed understand the risk that vulnerable software poses to their business.

In fact, the report indicates that 25 per cent of all business leaders surveyed in the UK and US report that they do not understand any of these common cybersecurity threats:

Vulnerable software
Ransomware
Vulnerable open source components
Phishing attacks
Malicious employee activity
DDoS attacks

Perhaps of even greater surprise is that only one-third of business leaders surveyed had heard of the global WannaCry ransomware attack, although awareness was greater among British business leaders at 40 per cent, perhaps due to the coverage of the NHS attack. Just one in 10 reported it led them to rethink their approach to cybersecurity however.

Of the 33 per cent who indicated that a cyberattack on another company had led their business to rethink its approach to cybersecurity, many have either taken steps to improve their software security or plan to over the next 12 months.

While high profile breaches do not in themselves prompt great change in behaviour, when confronted with the possibility of personal accountability in the event of a breach, executives are more likely to take action. More than a third of the business leaders surveyed said the personal risk to executives outstripped compliance as a driver for board members.