Most organisations (67 percent) are facing rising threats in their information security risk environment, but over a third (37 percent) have no real-time insight on cyber risks necessary to combat these threats.
This is one of the top-line findings of EY’s annual Global Information Security survey, Get Ahead of Cybercrime, which this year surveys 1,825 organisations in 60 countries.
“Cybercrime costs the African continent, including the western, eastern and southern parts of Africa millions of dollars a year, making EY’s findings highly relevant to business and government in our country,” said Yemi Saka, EMEIA Advisory Centre’s cyber security leader for Africa. According to him, fewer than half of all Nigerian firms see cybercrime as a risk, raising concerns that they may not be equipped to deal with the rapidly varying threat landscape.
In view of this, organisation across sectors in Nigeria, Africa’s largest economy by GDP, need to increase focus on cyber security, Saka said, further adding that this increase in focus goes to the heart of helping organisations protect their customer data, competitive advantage and promotes an ever progressive alignment to global standards.
READ ALSO: Assessing the Nigerian elite’s approach to regulation
“Consequently, the conversation needs to shift quickly from a reactive to a proactive and holistic approach if inherent Cyber Security risks are to be mitigated and reduced,” Saka further added. Forty-three percent of respondents say that their organisation’s total information security budget will however stay approximately the same in the coming 12 months despite increasing threats, which is only a marginal improvement to 2013 when 46 percent said budgets would not change.
Over half (53 percent) say that a lack of skilled resources is one of the main obstacles challenging their information security programme and only 5 percent of responding firms have a threat intelligence team with dedicated analysts.
These figures also represent no material difference to 2013, when 50 percent highlighted a lack of skilled resources and 4 percent said they had a threat intelligence team with dedicated analysts.
“Careless or unaware employees” is revealed as the number one vulnerability companies face, with 38 percent of respondents saying it is their first priority, and ”outdated information security controls or architecture” and “cloud computing use” are second and third respectively (35 percent and 17 percent). ” Stealing financial information,” “disrupting or defacing the organisation” and “stealing intellectual property or data” are the top three threats (28 percent, 25 percent and 20 percent respectively say it is their first priority).
This year’s survey finds that organisations need to do a better job of anticipating attacks in an environment where it is no longer possible to prevent all cyber breaches, and where threats come from ever more resourceful and well-funded sources.
Paul van Kessel, EY’s global risk leader, said, “Organisations will only develop a risk strategy of the future if they understand how to anticipate cybercrime. Cyber-attacks have the potential to be far-reaching – not only financially, but also in terms of brand and reputation damage, the loss of competitive advantage and regulatory non-compliance. Organisations must undertake a journey from a reactive to a proactive posture, transforming themselves from easy targets for cybercriminals into more formidable adversaries.
Ben Uzor
