“If we had known …” – that’s the classic sentence beginning after a successful hacker attack . But just when it sensitive information was stolen, it is too late. Many companies are coming to the conclusion that cybersecurity is no longer just technology today. Well-versed employees need to react in a timely manner to warnings, or even actively hunt downattackers, supported by technological solutions .
However, some of the IT security challenges are homemade, as IDC found out among 500 IT decision makers in a joint survey with IT security firm FireEye and consulting firm DXC Technology. We have summarized the key findings of the study for you.
5 factors for more IT security in companies
1. The aspect of security must be considered in IT projects in good time.
IDC has investigated when the factor cybersecurity will be included in new projects. Although 44 percent of the respondents include the topic from the beginning into their considerations. However, a quarter of the respondents only deal with IT security when there has already been a security incident.
2. There is a connection between advanced cybersecurity and agility of IT.
High-security organizations tend to be better positioned to meet evolving needs such as new applications and new service requests.
3. IT security needs the will to change .
Even though “more” is not always better, companies must still have the will to change. Many of the advanced cybersecurity companies are early adopters, using technologies based on heuristic or artificial intelligence.
4. Advanced IT security is also based on external know-how in many
The survey found that those companies that regularly use external expertise and not just trust that knowledge are built internally have the most advanced IT security. This is especially true for relatively independent projects such as testing or implementation projects.
5. Cybersecurity is seen as a strategic investment, not a cost factor.
According to IDC, there is a clear correlation between the maturity of IT security and the perception of IT in management. In organizations where IT is seen as a cost factor, security systems are less well developed – and organizations tend to be more vulnerable.
Cybersecurity needs budget.
Although many of the factors are theoretically known, they still fail to materialize. North America, especially the United States, is considered one of the most advanced markets in the sector. Of course, this security arms race is also associated with high expenses, for example for new technologies, service providers or manpower.
If one compares the potential loss of company value (including the reputation) to these costs, it soon becomes clear that investments in this area are worthwhile. Especially with the EU General Data Protection Regulation in the coming year can be imposed for data breaches fines of up to 20 million euros or up to four percent of global annual sales. While hacking attacks will never be completely preventable, the risk of such a cyberattack can be minimized by considering the five factors mentioned above.