4 ways businesses can close the cyber risk gap

Article 22-Oct-2024 Read time: 1 min

Listen to article

0:00 0:00

Cybersecurity has become a critical concern for governments and businesses worldwide in the rapidly evolving digital landscape. As organizations navigate increasingly complex and sophisticated cyber threat environments, how prepared are they to mitigate these risks?

Along with AWS, Kyndryl surveyed IT decision-makers from over 600 large enterprises across seven industries and 12 countries to understand their preparedness for fast-changing cybersecurity threats. According to the survey, over half (54%) of large organizations reported experiencing a disruptive cyberattack in the last year, with 61% facing four or more attacks. And while 94% of survey respondents feel prepared to mitigate cyberattacks, 71% believe they are likely to experience a disruptive incident in the next year. This disconnect reveals an opportunity to bridge the gap between perceived readiness and actual resilience.

Here are four cybersecurity challenges organizations face — and the strategies they can adopt to move from risk to resilience.

Challenge

Survey respondents noted that their top operational security challenge is preparing for emerging threats (for example, nation-state attacks, generative AI attacks, quantum computers breaking encryption and more).

Opportunity

Organizations should align their risk teams, develop strategies to manage future risks and comply with emerging global cybersecurity regulations. For example, mapping IT assets to critical business processes will help an organization understand its overall risk profile from regulatory, operational and legal perspectives in the event of a cyber event. To do this, organizations must be willing to take a step back and assess their security risk from the broader lens of their business or government operations.

Challenge

While 94% of organizations feel confident handling changing regulatory dynamics, most lack clear roadmaps for business continuity in the face of emerging regulations. Risk team outlooks are siloed and do not complement business objectives.

Opportunity

New cyber regulations require organizations to break down silos among security, legal, procurement, operations and more to create a cohesive cybersecurity mindset. Driving better alignment between risk teams and business processes can help reduce the potential for catastrophic fallout from a cyberattack.

Challenge

Over 40% of survey respondents use more than 20 security tools each. Using so many different — and not necessarily complementary — tools can cause security teams to burn out, resulting in a loss of capabilities to fend off cyberattacks.

Opportunity

Reevaluating the security tools and analyzing capabilities can lead to better preparedness for cyberattacks and more insightful decision-making on security spending. Specifically, consolidating tools into a centralized platform can reduce complexity and improve system visibility and incident response times.

Challenge

Business leaders and board-level support for cybersecurity is a major challenge, with 69% of large organizations reporting a lack of this critical support. In addition, 73% of security leaders noted that their boards of directors are not actively interested in their organization’s security readiness.

Opportunity

To help garner C-suite and board-level engagement and support, security leaders may find value in strong risk quantification tools that can help them translate the impact of a cyber event into business terms. This will help business leaders understand the potential impact of a cyberattack and lead them to make strategic decisions to help security teams mitigate the impact of a cyber event.

It is also essential to recognize that human error remains the most significant risk in protecting digital information. By investing in cybersecurity education for employees, businesses can transform their workforce into a first line of defense against cyber threats.

Cybersecurity will remain a top concern for businesses. However, by addressing key challenges, organizations can enhance their security posture to maintain public services, gain competitive advantages and become resilient in the digital age.

For a broader look at how ready businesses are for future risks and technology transformation beyond cybersecurity, read Kyndryl’s Readiness Report.

Read the report

In recognition of Cybersecurity Awareness Month, this is the third installment of a series in October that highlights how organizations can go from risk to resilience.