Wi HACKED! Cybersecurity continues to be a major concern among Wisconsin Business Owners and CEOs – even as they devote more resources and take substantial steps to control cyber threats. The Global Risks 2018 Report – from the World Economic Forum held in Davos, Switzerland in January 2018 – placed cyberattacks in their highest risk likelihood and highest risk impact category.
Across the globe, cyber-risks intensified in 2017 with the report stating that cyberattacks are increasing in both prevalence and disruptive potential. Attacks against businesses doubled in five years: From 68 attacks per business in 2012-to-130 per business in 2017.
The most recent Nicolet Bank Business Pulse addressed cybersecurity in Northeastern Wisconsin: When asked how concerned they are about the cybersecurity of their business: 78% of CEOs are either Very Concerned (36%) or Moderately Concerned (42%) – a slight increase from the 2015 Business Pulse survey.
More than half (59%) said they are more concerned today than they were a year ago; 40% say they are as concerned today as they were a year ago. CEOs with more than 100 employees in the Service Sector are more concerned about cybersecurity (65% are Very Concerned) compared with 37% with 25 or fewer employees, and 0% with 26-100 employees.
Social Media + Careless Employees = Intense Vulnerability
Wisconsin CEOs feel most intensely vulnerable to “social media use” (21% feel Very Vulnerable) and, “careless or unaware employees” (19% feel Very Vulnerable). In 2015, The Nicolet Bank Business Pulse reported that CEOs felt Most Intensely Vulnerable about the Use of Cloud Computing (22% Very Vulnerable).
According to The Global Risks 2018 Report, cybercriminals have an exponentially increasing number of potential targets because the use of cloud services continues accelerating, and the Internet of Things is expected to expand from an estimated 8.4 billion devices in 2017 to a projected 20.4 billion in 2020.
CEOs in the Service Sector are significantly more concerned about: 1) “use of cloud computing” with 53% saying Very or Moderately Vulnerable compared with just 18% saying the same in the Goods Producing Sector and; 2) “social media use” with 70% in the Service Sector saying they are Very or Moderately Vulnerable compared with 24% in the Goods Producing sector. The differences may reflect the nature of the business and degree of employee usage of information and communication technology by employees in these two sectors of the economy.
Differences also exist based on the number of employees. CEOs of organizations with more than 100 employees feel most vulnerable to “use of cloud computing” (29% Very or Moderately Vulnerable), the “use of mobile computing” (35% Very or Moderately Vulnerable) and “careless or unaware employees” (28% Very or Moderately Vulnerable). Organizations with 25 or fewer employees feel the most vulnerable to “use of social media” (37% Very Vulnerable), careless or unaware employees (50% Very or Moderately Vulnerable) and “use of mobile computing” (66% Moderately Vulnerable).
Malware and MORE
When asked how concerned they are about a variety of threats, CEOs expressed the most concern about malware (e.g. viruses, worms and Trojan horses) as a threat to their cybersecurity: 45% are Very Concerned; 30% Moderately Concerned; 17% Somewhat Concerned; 7% Not Concerned at all.
There is also considerable concern over “cyberattacks that are directed at stealing financial information such as credit card numbers and bank information” (30% are Very Concerned; 32% Moderately Concerned); fraud (34% Very Concerned; 17% Moderately Concerned) and “espionage by competitors” (2% Very Concerned; 36% Moderately Concerned).
One-quarter (24%) of the CEOs are Very Concerned about “cyberattacks to steal intellectual property” with 21% Moderately Concerned. Lower on the list are “internal attacks by disgruntled employees” (23% Very or Moderately Concerned) and “natural disasters” (14% Very or Moderately Concerned).
BIG Jump in Espionage, Theft, Fraud
The most significant increase from 2015-to-2017: 1.) Espionage by competitors increasing from 6% saying Very or Moderately concerned in 2015 to 38% just two years later; 2) stealing intellectual property with 26% saying Very or Moderate concerned in 2015 to 45% in 2017 and; 3) fraud increasing 41%-to-51% in 2017.
According to a recent study conducted by McKinsey & Company, more than half of all respondents – and 70% of CEOs from financial institutions – believe cybersecurity is a strategic risk for their companies. Additionally, it was found that some executives think internal threats from employees are as big of a risk to their companies as external attacks, parallel to 47% of CEOs who reported some level of concern about “internal attacks by disgruntled employees.”
There are a few differences in the levels of concern by the number of employees in the business. Close to half (46%) of CEOs with 25 employees or less are Very Concerned about “cyberattacks to steal financial information” and 40% are Very Concerned about “cyberattacks to steal intellectual property.” On the other hand, 29% of CEOs with 26-100 employees and 35% with more than 100 employees are Moderately Concerned about internal attacks by disgruntled employees. None of the CEOs say they are Very Concerned about disgruntled employees mounting an internal attack
Progress: Substantial Steps Taken
More organizations have taken substantial steps to control cybersecurity in 2017 than was reported in 2015. Nearly 70% of all organizations “have a person who is directly responsible for monitoring and managing cybersecurity issues” (66% in 2015); 60% “have an action plan in place in case a cybersecurity breach occurs” (19% in 2015); 48% “have a cybersecurity policy” (18% in 2015); 43% “educate all employees on cybersecurity issues” (37% in 2015); 37% “have a cybersecurity breach detection program,” 34% “have a cybersecurity assessment process” (21% in 2015) and 33% “regularly test their cybersecurity” (27% in 2015). Fewer CEOs report they have taken the step of “requiring all vendors or suppliers to have met cybersecurity requirements” (10% in 2015).
While just over two-fifths (43%) of CEOs say they “educate all employees on cybersecurity,” a Price Waterhouse Cooper study found: Employees were cited as the most likely to cause a cybersecurity threat to a business.
There are no differences between Goods Producing and Service Sector businesses on steps taken to control cybersecurity. Businesses with more than 100 employees (94%) are much more likely to “have a person who is directly responsible for monitoring and managing security issues” than smaller businesses – 60% each for businesses with 26-100 employees or 25 or fewer employees. Larger organizations are also more likely (94%) to “have a cybersecurity breach program in place” than those with 26-100 employees (50%) or those with fewer than 26 employees (47%). Additionally, businesses with more than 100 employees are more likely to “educate all employees on cybersecurity threats” (69%) than smaller businesses (53% with 26-100 employees; 23% with 25 or fewer employees). Interestingly, no CEO with 26-100 employees reported taking the step of “regularly testing their businesses cybersecurity system” while 47% with 25 or fewer employees and 38% with more than 100 employees reported taking this step.
The Nicolet Bank Business Pulse© finds significant – and growing – concerns over cybersecurity among CEOs in Northeastern Wisconsin. As technology advances, CEOs see increasing access and threats. Some of these threats are coming from the evolution of ransomware, the expansion of artificial intelligence, growth of the Internet of Things and The Blockchain Revolution. These trends require that organizations stay on top of the advancements in technology and the potential cybersecurity threats they may pose.
GenCyber Camp is FREE, but you must apply. Applications are due JUNE 15/Camp begins JULY 23. The program is led by UWGB Professors Ankur Chattopadhyay and Iftekhar Anam. Click HERE.