Scale Venture Partners Report: Execs’ Security Confidence May Be Misplaced

After the high-profile security messes that have graced headlines the last two years, many business owners finally stopped dragging their feet and upped their security posture. Now there’s a new level of confidence when it comes to cyberdefenses — but is it misplaced?

A new survey and report released today by Scale Venture Partners, Cybersecurity Perspectives 2019, says that despite a threat landscape that’s more complex than ever, 78 percent of executives are confident they’re well-equipped to handle cybersecurity risks — a 17 percent increase from a year ago. This despite no sign that cybersecurity threats are dying down. In fact, the World Economic Forum says that a cyberattack is nearly as likely as a natural disaster.

Compass MSP’s Tom Praschak

“I absolutely feel this is a false sense of security,” says Tom Praschak, president and CEO of Compass MSP. “While many executives have taken steps to make cybersecurity a priority at their companies, the fact remains that no matter what systems and processes are put in place it will never completely remove the risk and ‘beat’ threat actors. At best it stops all known threats and helps minimize the unknown threats by detecting them sooner and minimizing the possible damage done.”

eGroup’s Mike Carter

And with the average cost of a data breach now running about $3.86 million, minimizing that damage should be a top imperative for executives. Mike Carter, CEO of managed service provider eGroup, says that’s certainly what he’s seeing among his clients.

“The real motivator to cybersecurity postures across 2018 was the realization that no one is safe from data breach or risks of ransomware,” says Carter. “The risk of being taken down and plastered across the headlines has been the greatest contributor we’ve seen to organizations embracing a more realistic, comprehensive and thoughtful cybersecurity approach.”

Organizations have certainly become more alert as a result of major breaches and implementation of broad-based data privacy regulations such as GDPR. According to the Scale VP report, 55 percent of executives upped their investment in data privacy solutions, 49 percent increased measurement and reporting around data privacy and 48 percent devoted more resources to data privacy personnel.

“Our manufacturing clients were especially observant and working toward compliance,” says Gavin Livingstone, president of managed IT provider Bryley Systems. “Their security postures have improved significantly, with no data breaches in 2018 for these clients.”

That’s a great start, but it doesn’t change the fact that the threat landscape is scarier than ever. Last month, security researchers discovered a collection of 2.2 billion stolen usernames and passwords being bartered on hacker forums. Clearly, investments in data privacy aren’t coming fast enough.

“I wish [GDPR] would become law in the U.S.,” says Philipp Bauman, CEO of BoomTech IT. “The average SMB client will not make any changes until they have to.”

Still, at least conversations are happening more often and more freely than they were a couple of years ago, and respondents to the survey report a significant shift in drivers behind their security strategies. While threats and vulnerabilities remain the number one issue shaping businesses’ security postures, executives have stopped using budget constraints as an excuse to not act. Concerns about budget came in second place (31 percent) in the list of strategy drivers in 2017. In 2018, only 12 percent cited cost as …