Dive Brief:
- Fewer than two in five (38%) CFOs and CEOs globally believe their company’s cybersecurity adequately protects more than 75% of their operations, Accenture said, noting that about half of senior executives have identified low funding and low accountability as barriers to protection.
- “Security teams are really struggling to help project what they are capable of and what they are not capable of and how that connects to business strategy and how the organization operates business,” according to Ryan LaSalle, head of Accenture Security in North America. Chief information security officers (CISOs) are generally more confident than other senior executives in their company’s defenses against hackers.
- Last year, companies increased their cybersecurity spending to 15% of their IT budgets while dealing with an average of 270 cyberattacks, a 31% increase from 2020, Accenture said in describing the findings of the investigation. Nearly half (49%) of CFOs and CEOs said siloed responsibilities undermine cybersecurity.
Dive Insight:
CFOs and their C-suite colleagues faced a record onslaught of cybercrime last year and, in recent months, have had to adjust to federal efforts to bolster cybersecurity.
Ransomware, “business email compromise” schemes and criminal use of cryptocurrency were the top causes of internet crime complaints to the FBI last year, driving reported abuse up 7% per month compared to 2020 to reach a record 847,376. Potential losses exceeded $6.9 billion, the FBI said in a report.
The widespread shift to remote work and schooling after the pandemic began in 2020 “has widened the remote attack surface and left network defenders struggling to keep pace with routine software patches,” according to the FBI.
The average ransomware payout jumped 78% last year to $541,000, fueled in part by the rapid spread of ransomware-as-a-service (RaaS) business models that lower barriers to entry for cyber-extortionists, said Palo Alto Networks.
Last year, ransomware criminals targeted businesses in the Americas in 60% of their attacks and demanded an average of $2.2 million from their victims, a 144% increase from 2020, Palo Alto Networks said.
American businesses were the No. 1 target of ransomware hackers last year, facing 421 million breach attempts, a 98% increase from 2020, the Senate Committee on Homeland Security and Governmental Affairs said in a report.
The Biden administration has sought to bolster cybersecurity in both the public and private sectors, instituting a “zero trust” approach to the federal government and partnering with private electric, natural gas and water companies to improve threat detection.
The Securities and Exchange Commission (SEC) in March proposed stricter and more detailed cybersecurity disclosure rules, including more in-depth corporate reporting on cyberattacks and regular filings on cyber risk management, governance and strategy. Companies should report violations within four days.
“Consistent, comparable, and decision-useful” disclosure standards would “enhance investors’ ability to assess the cybersecurity practices and incident reports of public companies,” SEC Chairman Gary Gensler said before the committee does not approve the proposal. The public comment period on the rule ended on May 9.
Under the SEC’s proposed rules, companies would have to update reports of previously disclosed breaches.
Companies would also be required to describe how they manage cybersecurity risks, “including whether the filer views cybersecurity as part of its business strategy, financial planning and capital allocation,” the SEC said. They should disclose the board’s role in cybersecurity oversight and management’s role in controlling risk.
Some companies make the mistake of believing that regulatory compliance will provide adequate cybersecurity, LaSalle said in an interview. Instead, they must integrate cybersecurity into all facets of business strategy, including initiatives such as mergers and product innovation.
Accenture determined in its global survey of 500 CFOs and CEOs and 4,244 CISOs that only 5% of companies have properly aligned cybersecurity with business strategy.
“Many organizations set their budgets based on what they are required to do to comply,” he said. “They don’t really think about how their business is performing, they don’t really think about what the threat actors are trying to do.”
Still, “there’s a big gap between the talent and motivation of threat actors, and what regulators are asking you to cover,” LaSalle said.