Solarwinds MSP: Overconfidence in Security Damaging for Businesses

There appears to be a disconnect between what IT executives – CIOs, heads of IT, and CISOs – believe about their cybersecurity and the damage they’re enduring. That’s according to the 2017 Cybersecurity: Can Overconfidence Lead to an Extinction Event? survey from Solarwinds MSP.

Simply stated, the survey respondents – 400 SMBs and enterprise equally split between the U.K. and the U.S. – have more confidence in their cybersecurity readiness than is warranted.

Responding to the survey findings, John Pagliuca, SolarWinds MSP general manager, said, “Our findings underscore the problems that contributed to the ‘WannaCry’ ransomware’s ability to cause so much damage around the globe. These results beg the question, ‘How can IT leaders feel so prepared yet still be exposed?’

In fact, 87 percent of organizations reported having complete trust in their security techniques. Of these firms, 71 percent were breached at least once in the past year, despite the belief of 59 percent of these same companies that they’re more secure than 12 months earlier.

Survey respondents noted a variety of security breaches they experienced over the past year, with the top five being: failure of a critical business system, such as line of business (LOB), 37 percent; insider accidental act such as deletion of data or exposure of confidential data, 32 percent; cybercriminal DDoS or other fraud/extortion attempt, 31 percent; insider malicious attacks at such as theft or destruction of data or systems, 31 percent, and a ransomware outbreak, 28 percent.{ad}

These incidents not only cost the organizations cited in the survey tangible losses, such as money, downtime, legal action, loss of customer or partner, but 23 percent reported intangible losses, such as brand reputation and loss of new opportunity.

So what did they do? Less than half of the companies implemented new security solutions after a data breach, and 14 percent did nothing.

SolarWinds MSP investigated why this overconfidence is occurring and identified seven basic faults:

There’s some positive news: Sixty-one percent of respondents report that their cybersecurity budgets will increase, and they expect improved security at their companies.

At the same time, Solarwinds MSP notes that many organizations are confused about the difference between security and cybersecurity.

“The former is what companies are talking about when they think about readiness. What they often don’t realize is that cybersecurity protection requires a multi-pronged, layered approach to security that involves prevention, protection, detection, remediation, and the ability to restore data and systems quickly and efficiently,” Pagliuca said.