Half of global organizations still don’t have cyber insurance, despite the majority believing cyber-attacks will increase next year, according to FireEye.
The security vendor polled 800 CISOs and senior executives across the globe to compile its new Cyber Trendscape Report.
More than half (56%) said they believe the risk of attacks will grow next year and 51% said they aren’t ready for an attack. Yet half claimed not to have any cyber insurance, rising to 60% in Germany.
Around one in 10 (8%) said they had no breach response plan in place, rising to 11% in the UK, 19% in Canada and 15% in Japan. In addition, 29% of those that do have response plans in place have not tested or updated them in the past 12 or more months.
This is one of the key requirements of the GDPR. Yet compliance fines appear not to be a concern to most organizations, despite the advent of the sweeping new EU legislation last year. Only a quarter (24%) of respondents said these were a concern, rising slightly to 39% in the UK, but dropping to 22% in Germany and 19% in France.
In fact, organizations are in many ways focused too much on compliance, according to Eric Ouellet, global security strategist at FireEye.
“One attitude that emerged which people should reconsider is letting compliance dictate security standards, when actually they should be aiming for a higher level of protection,” he said.
“For example, the report found that 29% of organizations had informal training programs on an ‘as needed’ basis that are focused on meeting core compliance requirements. It’s likely that the organizations which are taking a more comprehensive approach in this area and others are better equipped to deal with security threats.”
Another interesting finding from the report is the continued challenge of security awareness training. Around a fifth (21%) of German respondents lack any cybersecurity training program, much higher than the global average (11%).