Cybersecurity: Under half of organisations are fully prepared to deal with cyberattacks

Only 49% of CISOs and other senior executives are fully confident that their organisation could deal with the fallout of a hacking incident or data breach right now, and most think the threat from cyberattacks will get worse.

Under half of organisations believe they're fully ready to respond to a cyberattack or data breach -- despite most senior executives and chief information security officers (CISOs) believing that the threats posed by hacking and other malicious cyber incidents will escalate in 2020 and beyond.

The Cyber Trendscape 2020 report from cybersecurity company FireEye sheds light on how CISOs across the world are feeling about the current cyber threat landscape. The study found that just under half (49%) believe their organisation is fully ready to face a cyberattack or a data breach.

Organisations in the US are most confident about their ability to respond well to a cyberattack, with almost three quarters (72%) of the opinion that they're fully ready. In contrast, just a quarter of organisations in Japan believe they're fully ready to face a cyberattack or data breach.

Meanwhile, 47% of organisations say they're 'somewhat ready' to handle a cyberattack, but fear there are areas of the business that would struggle to respond well to a hacking incident.

A small number of organisations (4%) say they're not ready to face a cyberattack at all. This might not sound like a large number, but it accounts for one in 25 organisations around the world.

When it comes to cybersecurity, organisations are taking a range of measures to boost protection, with security software, vulnerability management and employee training the most common means of increasing resilience against cyberattacks.

However, only a quarter of organisations believe their cybersecurity training programs can be classed as 'advanced', while just over a third rate training as 'semi-formal' and just under a third say the status of their employee cybersecurity program is 'informal'.

One in ten organisations say they don't have any form of training at all, which could leave them open to cyberattacks -- particularly when it comes to spear-phishing and other hacking techniques that rely on social engineering.

Top threats: Phishing and malware

Phishing is regarded as one of the attack types most likely to lead to a data breach, with one in five of the CISOs surveyed by FireEye stating that targeted phishing is the most likely malicious activity that could lead to a security incident. Among organisations that have been targeted by a cyberattack in the past 12 months, almost 20% said they had been targeted by a phishing attack.

Malware is also viewed as a big threat to organisations, with around 20% stating it's the most likely cause of a data breach and the same number saying they've been targeted by a malware attack in the last year.

When it comes to the source of attacks, hacking groups are what organisations fear most, with a third of organisations of the opinion they're the most likely origin of hacking attempts. That's followed by individual hackers and professional criminal organisations as the second and third most likely sources of attacks.

Globally, nation states are viewed as the least likely origin of cyberattacks -- even ranking behind industry competitors and malicious insiders.

However, there is one country where nation states are viewed as the most likely source of cyberattacks: South Korea. This is due to a fractious relationship with its neighbour North Korea, and Pyongyang's support of malicious cyber activity, which has often targeted South Korea.
