Board members neglect cyber security

Although managers in large companies are well informed about the dangers of cybercrime. Yet they do little to counter the threat. Most people don't respond until after a security incident.

Many managers neglect the dangers of cybercrime. The managers are well aware that the use of various cloud services, for example, creates additional risks in addition to their internal IT infrastructure, as a recent survey by Radware shows. According to the study, more than 90 percent already use more than one cloud service, and 96 percent of all managers surveyed are concerned about security in such constellations. Nevertheless, most of them need a dramatic experience, such as a significant security incident on their own network or that of a partner or competitor, to rethink their security strategy.

For example, 61 percent of respondents changed their security policies after a competitor incident. 59 percent did so after an incident on their own network. Regulations such as the DSGVO (48 percent) or state-controlled attacks (41 percent) were also used as an opportunity to change the security guidelines. For 37 percent, fear of losing their own job was a reason for new initiatives in network security.

»Ultimately, this means that many managers only take care of safety to the necessary extent when the child is already in the well,« says Michael Tullius, Regional Manager DACH at Radware. Many ways of minimizing the risk from the outset would not be seen or implemented consistently enough.

Significantly more cyber-bribery

Half of the companies surveyed did not consistently integrate cyber security into their application development processes (DevOps). Only 18 percent of respondents said they would perform comprehensive security tests again between the end of development and the introduction of an application. Hackers take advantage of this: The result is a dramatic increase in ransom attacks. In these ransom claims, cybercriminals are threatened with serious damage to the corporate network if they fail to pay.

While in 2017 only twelve percent of all respondents said they had already fallen victim to ransom attacks, this year it is already 69 percent. Over half of them actually paid ransom. Two thirds of all managers surveyed actually consider their IT infrastructure to be vulnerable and want to minimize the damage caused by ransom payments. »A ransom payment can eliminate the problem for the time being, but this kind of reaction will not advance a company,« warns Tullius. A reactive security strategy limits a company's ability to protect customer data and reputation and achieve business goals.

»Investing in suitable security solutions is no longer just an IT effort, but an essential prerequisite for the long-term success of a company,« says Tullius. After all, according to the study, many companies (71 percent) want to invest more in automated security solutions that can react particularly quickly to new threats, especially through the use of artificial intelligence.