Only 4% of companies are ready to face cyber attacks

Budget restrictions for preventing cyber attacks is one of the main problems in companies today, and many of them operate without a structured program to combat digital threats. This makes only 4% of companies feel prepared to face cyber attacks, according to the results of the annual study carried out by EY (Ernst & Young) with 1200 executives in the information security and IT area around the world.
 
The survey finds that increasing investment in this area is a request for 70% from executives interviewed, who say they require 25% or more funding for the job. From 2016 to 2017, there was a budget increase to 59% of companies, but only 12% believe they will have values at least 25% higher.
 
This year, 76% of the participants stated that companies would only increase the resources allocated to this front if an attack caused significant damage to their business. On the other hand, 64% said that an attack that appears to have done no damage would have a low probability of resulting in a budget increase.
 
“This number is higher than last year, which is worrying. Every attack does damage, even if not immediately. It could be that the attackers are testing systems for vulnerability, or else diverting attention from an even more relevant attack. Organizations must assume that all cyber attacks are harmful and conclude that, in places where damage has not been identified, this is because it has not yet been discovered”, comments Sérgio Kogan, lead partner of the cybersecurity practice at EY Brazil.
 
The vulnerability of companies around the world to a cyber attack grows every year: between 2016 and 2017 alone, malware and phishing threats increased by 12%. Even if this is an identified problem, few companies bother to develop an attack prevention and identification program: 57% of companies do not have a threat intelligence program or have an informal program.
 
In Brazil, the number of companies that registered an increase in their cybersecurity budget is lower: 52% compared to 59% globally. On the other hand, 40% of Brazilian companies showed that they have a Security Operations Center, a structure dedicated only to cybersecurity – in the world, 48% claim to operate in this way. Over here, 61% of companies believe that the most valuable information for cyber criminals is the personal data of customers.