PwC’s 2015 Global State of Information Security Survey reveals that 50% of organisations now have cyber insurance to protect themselves against cyber risks and the misuse of personal data.
This statistic supports the commonly accepted view that cyber risks will only continue to increase in potency and impact. In fact, the number of respondents that reported losses of USD$20 million or more almost doubled over 2013.
The study also shows, however, that in some instances information security programmes have weakened due to inadequate investment. At the same time, the financial costs of investigating and mitigating incidents have grown year-on-year.
The survey highlights the fact that small and medium-sized organisations are not spending on security: “Companies with revenues less than $100 million reduced security investments by 20% over 2013.”
Furthermore, security spending as a percentage of the total IT budget has remained low, with no indication that it will rise.
Prevent, protect, detect and respond
Disappointingly, boards of directors remain uninvolved in security decisions, with only 40% actively participating in determining the security budget. Furthermore, only 25% of boards participate in reviewing current security and privacy risks.
Despite ongoing evidence that employee risks and insider threats are among the most costly and damaging liabilities for organisations, there is a diminished commitment to employee training and staff awareness programmes.
The report warns that, as cyber threats escalate, organisations should implement processes and systems to prevent, protect, detect and respond to elevated threats.
Assessing your network infrastructure and websites regularly is an essential element of maintaining effective information security. Regular vulnerability assessments and penetration testing should be a fundamental part of your quarterly security management. A penetration test can give you and your management peace of mind by assuring you that your websites and networks are secure against attack.
IT Governance’s CREST-accredited penetration testing team can conduct a penetration test that will identify exploitable vulnerabilities before they can be uncovered by an indiscriminate cyber attack. We uniquely offer a combination of fixed-price and bespoke penetration testing solutions, enabling you to choose the right option easily.
Contact us now for a detailed consultation to establish your penetration testing requirements.