Increased risk tolerances are making digital transformation programs vulnerable
Digital transformation programs could be vulnerable to cyber attacks due to increased risk tolerances and ongoing cybersecurity challenges, according to global research by NCC Group among 500 cybersecurity decision makers.
Seventy-six per cent admitted that they had increased their risk tolerances to allow changes to their operating model (such as remote working) during the pandemic. Simultaneously, organizations are struggling with security challenges that include balancing proactive security improvements with everyday operations, knowing which risks to prioritise and digesting the volume and complexity of reports from third parties after a security assessment.
The research suggests that this ongoing cyber debt has negatively affected organizations’ security postures: forty-five per cent said that their transformation projects had inherited legacy security issues, with just thirty per cent integrating cybersecurity into those programs. If legacy systems remain connected to the internet or an organization’s network, hackers can exploit vulnerabilities in them and use them to infiltrate other areas of the organization.
Organizations plan to increase spending to address their cyber debt
After cutting cyber budgets and freezing recruitment of security staff during the pandemic, most organizations plan to increase spending to address their cyber debt. Fifty-five per cent said that they planned to increase security spending by thirty per cent or more, while just four per cent planned to decrease spending by the same amount.
However, nearly sixty per cent said that they will rely on internal scoring mechanisms to measure their cybersecurity posture, while less than a quarter have a structured security improvement plan in place for the next 12 months.
Ian Thomas, Managing Director for NCC Group Assurance UK & ROW, said: “It’s clear that the pressures of the pandemic have forced organizations to increase their risk tolerance and temporarily cut spending on cybersecurity, it’s a double hit. In doing so, they have exposed themselves to legacy security issues, which could ultimately cost organizations more money by derailing vital transformation projects if they do not repay this cyber debt.
“What is encouraging is to see organizations planning to increase security spending to address this debt. That said, it’s vital that these funds are invested as part of a strategic security improvement plan to ensure that legacy security issues are remediated effectively and to provide ongoing improvements to an organization’s security posture.”