Far fewer businesses say they would pay a ransom demand, down to 19% from 35% in 2021 and 43% in 2020, according to a survey conducted by the Wall Street Journal.
The survey revealed that while ransomware remains a concern, 75% of respondents had not experienced a ransomware event over the last year.
For the cybersecurity survey, WSJ queried 343 organizations on their views of the cyber threat landscape and discussed the results during a recent virtual cybersecurity forum.
Asked about cybersecurity governance in their firms:
- Nearly 30% said the chief information security officer (CISO) leads the cyber function, but responses varied widely
- Just 18% of respondents said their CISO reports directly to the CEO, something WSJ researchers highlighted as counter to governance best practices
“A consensus on a standard line of leadership for cyber has yet to emerge and appears to be some way off,” said David Breg, WSJ Pro’s research director, during the forum.
Looking at third parties:
- 37% of respondents said they assess their vendors for cyber risks less than annually
- 34% also said they have terminated relationships with suppliers over bad cyber posture
Cyber Skills Shortage
Results also revealed cybersecurity leaders have fewer years of experience than in the past, which may tie into talent shortages. Organisations continue to have trouble hiring cybersecurity professionals:
- Over 50% said skilled individuals weren’t available
- 40% said the candidates they could find lacked experience
- 33% said “Unrealistic” salary expectations were a challenge
More Cyber Insurance = Less Prep?
About 65% of organizations say they feel “fully prepared” for cyberattacks, but the only area where respondents showed growth was in the purchase of cyber insurance, up from 69% last year to nearly 75%.
However, cyber awareness training, identification of critical data, and cyber leadership training all dropped from the previous year.
“These were the most surprising results and also the most disappointing,” said Breg. “We saw a regression in several categories this year… complacency must be avoided.”
Breg speculated that respondents might feel they have improved their preparedness but may feel overwhelmed by the constant evolving nature of cyber crime. Middle-market firms were the main driver behind the falloff in preparedness, he added.
Original article by Erin Ayers, Managing Editor, Advisen, [email protected]
Want more? Try “Cyber Front Page News”
Get more from our Advisen sister publication: Cyber Front Page News
A compilation of articles pertaining to everything cyber, delivered via email every Tuesday and Friday. Subscribe here