Skip to main content
Survey Report

The Cybersecurity Imperative Pulse Report

Corporate Risk Consulting|Corporate Risk Tools and Technology|Cyber Risk Management
N/A

August 14, 2019

This survey is a follow-up to a more comprehensive Cybersecurity Imperative survey of 1,300 companies conducted in the fall of 2018.

Managing cyber risks in a world of rapid digital change

ESI ThoughtLab and WSJ Pro Cybersecurity carried out this survey in the spring of 2019 as part of a global research initiative titled The Cybersecurity Imperative. This pulse survey is a follow-up to a more comprehensive survey of 1,300 companies conducted in the fall of 2018. The latest survey was developed to track how executives’ investments, plans, and perspectives have changed over the last nine months.

Many executives believe that their cybersecurity investments are paying off. Firms report a decline in the impact from untrained staff, social engineers, and unsophisticated hackers over the last nine months. The results indicate that the impact of cyberattacks from malware, phishing, and mobile phone apps also decreased over that period. Yet the escalation in overall reported cyber losses highlights that cybersecurity is an ever-evolving struggle, as hackers target not just individual companies but whole industries, searching for any vulnerability.

The research reveals that to combat evolving risks, companies need to ensure they are allocating the right amount of their budget toward cybersecurity investments and take on a proactive, multi-layered defense. Firms are responding by allocating the biggest share of their budgets to technology, while seeking the right balance between investments in people and process. They are also focusing more on risk identification to address emerging vulnerabilities and are investing more in resilience to ensure they can respond quickly to attacks.

Here are some clear action steps you can take to mitigate your cyber risk:

  • Make sure you are investing enough in cybersecurity. Some industries, such as media and consumer markets, are allocating less and may be more exposed to cyber risks.
  • Think of cybersecurity like any other existential threat to your business. The risks are not just about privacy, liability, and stealing data; they also can create huge operational risks if business is interrupted and can have reputational impacts that can hurt market positions.
  • Pay attention to risks from partners and your supply chain. As firms draw on ecosystems of third parties to drive digital transformation, they increase their vulnerabilities to cyber risks.
  • Be aware that legal and regulatory risks are also rising substantially. Companies that do not comply with new standards face hefty penalties and legal consequences.
  • Implement rigorous incident training. To do so, put key stakeholders through a strong scenario exercise to prepare them for events when they occur, and to plan on how to respond quickly.
  • Measure your full losses, costs, and returns. When hit by a successful cyberattack, you need to understand all your costs—direct and indirect, tangible and intangible.

The Cybersecurity Imperative program was conducted with a coalition of leading organizations with expertise across the cyber security space, including Baker McKenzie, CyberCube, HP, KnowBe4, Opus, Protiviti, the Security Industry Association, and Willis Towers Watson.

Download PDF
Title File Type File Size
The Cybersecurity Imperative Pulse Report PDF .7 MB
Contact Us