When confidence in security preparedness comes down merely to wagering a chocolate bar, 1 in 5 security professionals wouldn’t make the sweet bet that they could prevent a damaging breach, according to Ivanti’s State of Security Preparedness 2023 study. Yet 97% of the leaders and security professionals surveyed report their organization is as prepared or more prepared to defend against cybersecurity attacks than they were a year ago.
The disconnect, the report concludes, comes down to a reactionary, checklist mentality.
It’s not from lack of spending though. Seventy-one percent of respondents predict an increase to their cybersecurity budget in 2023, an 11% increase on average. In addition, nearly 3 in 4 security professionals say they’ve set aside funds for security breaches, and the “emergency fund” budget for breaches makes up approximately 16% of the overall cybersecurity budget.
Source: Ivanti, State of Security Preparedness 2023
In terms of being proactive, 92% of respondents say they have a method to prioritize which vulnerabilities to patch, but the research also finds that all types of patches are ranked as high priority. Moreover, more than 1 in 4 have not documented their methods.
Respondents identify phishing, ransomware, and software vulnerabilities as top industry-level threats, with 43% experiencing a phishing attack in the last 24 months, 38% experiencing a software vulnerability threat, and 30% facing a ransomware threat. In addition, just 42% say they are very prepared to safeguard against supply chain threats, even though 46% call it a high-level threat.
And speaking of phishing, the research finds that company leaders are four times more likely to be victims of phishing compared to office workers and engage in more dangerous behavior in general. For instance, more than 1 in 3 leaders have clicked on a phishing link, nearly 1 in 4 use easy-to-remember birthdays as part of their password (and are much more likely to hang on to passwords for years), and executives generally are 5x more likely to share their password with people outside the company.
Hmmm, that may partially explain the reluctance to bet a chocolate bar.