Most companies still can't spot incoming cyberattacks

More than three quarters of organisations vulnerable to hackers due to lack of cybersecurity staff or tools, says report.
Written by Danny Palmer, Senior Writer on

Businesses are aware of cyberthreats - but lack the resources to properly monitor them

Image: iStock

Four out of five businesses lack the required infrastructure or security professionals with relevant skills to spot and defend against incoming cyberattacks.

According to a new report by US cybersecurity and privacy think tank Ponemon Institute on behalf of cybersecurity firm BrandProtect, 79 percent of cybersecurity professionals say that their organisations are struggling to monitor the internet for the external threats posed by hackers and cybercriminals.

Just 17 percent of respondents say that they have any sort of formal process in place for intelligence gathering which is applied across the whole company.

The report found that 38 percent of organisations don't have any policy on threat intelligence gathering at all, while 23 percent have an approach that is 'ad hoc' at best. A further 18 percent say they do have a formal process in place, but it isn't applied across the entire enterprise.

The Ponemon Institute claimed that businesses are on average experiencing more than one external cyberattack a month, with these repeated security breaches resulting in an annual average cost of around $3.5m.

But while many companies are failing to properly monitor external threats, the majority do recognise that they should be carrying out activities such as monitoring mobile apps, looking out for social engineering and phishing attempts, and keeping an eye on cyber threats - around 60 percent of respondents listed these activities as essential or very important to their business.

So why aren't more organisations actively pursuing these leads in the interests of protecting themselves against hacks and data breaches? The study reported that there's an insufficient awareness of risk across whole organisation.

Half of respondents suggested that this was one of the main barriers to achieving effective cybersecurity, while almost as many described a lack of knowledgeable staff and a lack of tools as barriers to this goal - echoing previous reports of a severe lack of cybersecurity professionals and understanding of the risks caused by poor defences.

Because of this lack of in-house expertise, many organisations are looking to outsource the monitoring of the internet and social media to an external company. Around 35 percent said they already follow this approach, while a further 21 percent said they plan to do so within the next two years in order to provide their organisation with as much protection as possible.

"The majority of security leaders understand that these external threats imperil internet business continuity," said Larry Ponemon, president of the Ponemon Research Institute.

The research is based upon a survey of almost 600 respondents at 500 different companies in the US.

Read more on cybersecurity

Editorial standards