The new report follows Radware’s annual survey of C-suite executives across the US and Europe. Overall, 85% of executives said that security threats are now a board-level concern. Almost all participants (94%) rate security as an extremely or very important priority, with 62% deeming it “extremely important”, an increase from 53% last year.
Another noteworthy finding among UK execs: half reported that they are more concerned about cyber security than Brexit.
Almost three in five (56%) executives indicated that their company had experienced a cyber-attack in the past 12 months, with those in Europe more likely to report experiencing an attack than their US counterparts (75% vs. 36%). Yet, in Radware’s security industry survey, 98% of security professionals globally reported experiencing at least one attack in 2016.
Radware believes that the greater number of attacks in Europe is not a sign that the continent is under attack any more than the US. Instead, it reflects cultural differences, a more mature model of detection in the US, more stringent reporting requirements in Europe, or some combination of those factors.
Respondents selected network infrastructure (27%) and IoT devices (22%) as “extremely likely” targets for hackers in the next three to five years. Executives identified negative customer experience (39%) as the biggest impact of a cyber-attack, with brand reputation loss (36%) and revenue loss (34%) close behind. Furthermore, 56% of European executives estimate that cyber-attacks cost their businesses between ?500,000 and ?10m (compared to 40% in the US).
Meanwhile, executives identified the most detrimental cyber-attacks as malware and bots (62%), ransomware (57%), web application attacks (55%), advanced persistent threats (54%) and distributed denial of service (54%). Additionally, the number of UK executives who reported experiencing a ransom attack almost doubled, from 12% last year to 23% in 2017. However, 52% of UK respondents said they would not pay a ransom, while a further 30% said it would depend on the risk or the amount involved.
When it comes to managing security, all organisations have the same fundamental options: manage internally, rely on an ISP or carrier, or outsource to a security provider. While half of all respondents prefer the DIY approach, the 2017 survey uncovered some regional nuances around how companies source their security: about one in ten US companies do not have an in-house security team, while UK companies strongly prefer internal management (71% vs. 54% in the US, 47% in Germany and 33% in France).
Pascal Geenens, Radware EMEA security evangelist, believes that turning towards AI and automated cyber defence solutions is the natural next step given the advanced attacks that cyber attackers now employ: “The findings show that many victims thought they had the correct security measures in place to protect their business, but the reality is that the nature of the threats is constantly evolving and hackers are exploiting tools such as the Mirai or Brickerbot botnets that didn’t even exist when they last reviewed their security defences.
“It’s prompting business leaders to consider intelligent security solutions so that they can fight bad bots with good bots. Manual cyber defences are no longer strong enough. Many UK businesses suffer daily attacks, and these attacks can come in many different forms. But what we have seen in the last 12 months is more willingness from executives to look at new solutions to new problems. Failure to embrace automated cyber security systems will almost definitely result in business loss from cyber-attacks. We think it’s only a question of time before AI gets a seat at the board table.”
Like last year, European executives lead in the use of innovative practices for detection and testing, stating that they were more likely than their US counterparts to employ ex-hackers as part of their security team. In Europe, 58% said they were very or extremely likely to do so, while just 27% of US executives expressed that willingness. What’s more, nearly half of respondents in Europe have already invited hackers to test their systems for vulnerabilities.
The survey also sought to measure executives’ views on privacy. Two-thirds of respondents said that current laws related to information security compromise personal privacy. A further 79% said their government should do more to protect consumers’ personal information - even though 33% of European execs and 20% of US execs conceded that more stringent legislation could adversely affect their day-to-day operations.
Geenens added: “With EU countries bracing to meet the stringent requirements of the General Data Protection Regulation (GDPR) next year, it’s no surprise that business leaders are worried about the effects of new legislation. It also explains why their security teams may be more likely to communicate about cyber-attacks. In the US - where the current climate is one of rolling back regulations and consumer protections - security teams may feel less pressure to be transparent with the C-suite.”