Companies have nascent cyber defense strategies because of a lack of trust, which was perceived to be the biggest challenge in ensuring adequate cyber resilience, according to a new report from Kroll.
Vanson Bourne surveyed 1,000 senior IT security decision-makers in the first quarter of 2023 from Hong Kong, Singapore, Japan, United States, United Kingdom, Ireland, Spain, Italy and Brazil.
Findings show that security decision makers in Singapore also cited lack of communication in coordinating cyber teams for defense strategies as the top factor for depreciation of trust.
The report also dives into cost incurred for organisations from a lack of trust in the workplace, and unnecessary technology was ranked as one of the top consequences by organisations in Singapore (46%).
Broader findings from the report reveal widespread mistrust across organisations, with information security decision-makers (95%) sharing that they do not feel senior leadership trusts them to protect their organisations from threats.
Other factors that limit the growth of cyber defense were identified, such as overlooked cyber insurance and explores how misplaced trust has wide-ranging impacts on how effectively businesses deal with cybersecurity challenges.
Also, employees were trusted more (66%) than the accuracy of threat intelligence data (56%), which may lead to potential pitfalls in maintaining cyber vigilance.
James McLeary, managing director and global lead of cyber risk advisory at Kroll, said there needs to be trust in teams, trust in technology, in intelligence sources, and with suppliers.
However, there is a critical balance to be made on how much and where that trust should be placed. Further, there is a misunderstanding in the capabilities of security tools without continued managed response.
“Of course, this is understandable considering the sheer volume of data that security teams deal with and the number of cyber incidents businesses tackle daily,” said McLeary. “Security teams want solutions that will fix today’s problems, without appreciating the fact that there is no ‘one and done’ solution for an ever changing landscape.”
Additionally, it was found that while organisations use an abundance of elements in their defense programs, only over one in five currently have the benefit of specific cybersecurity insurance cover (23%).
Only 20% of IT and security professionals who say their security operations are cyber mature have cyber insurance. By industry, hospitality (10%), not-for-profit (13%) and transportation (17%) are leading in the lack of such insurance, whereas it is more prevalent in sectors such as technology and communications (34%) and education (27%).
However, two-thirds of companies in these sectors still do not have any form of cyber insurance. With the prevalence of cyber incidents in the past year, cyber insurance should not be overlooked nor dismissed by organisations.
Lester Lim, associate managing director at Kroll, said that organisations should also consider cyber insurance as a risk transfer mechanism – a crucial complement in the current cyber risk landscape.
“Though insurance costs for cyber related risks have risen materially in recent years, companies may be able to mitigate higher premiums and increased deductible limits arising from tighter underwriting and reduced cover by appropriately preparing for a more rigorous renewal process by focusing on controls,” said Lim.
