Annual global EY survey finds organizations are still unprepared for inevitable cyber attacks
EY LLC, Kyiv, Ukraine, Mon, Nov 24, 2014
· Over a third (37%) of organizations have no real-time insight on cyber risks, lacking agility. They also lack budget and skills to combat rising cybercrime
· #1 vulnerability to cybercrime revealed as careless or unaware employees, while #1 threat is the theft of financial information
· Organizations need to be in a constant state of readiness, anticipating where new threats may arise
London and Kyiv, 24 November 2014 – Companies are lacking the agility, the budget and the skills to mitigate known vulnerabilities and successfully prepare for and address cybersecurity. Forty-three percent of respondents say that their organization’s total information security budget will stay approximately the same in the coming 12 months despite increasing threats, which is only a marginal improvement to 2013 when 46% said budgets would not change.
Over half (53%) say that a lack of skilled resources is one of the main obstacles challenging their information security program and only 5% of responding companies have a threat intelligence team with dedicated analysts. These figures also represent no material difference to 2013, when 50% highlighted a lack of skilled resources and 4% said they had a threat intelligence team with dedicated analysts.
“Careless or unaware employees” is revealed as the number one vulnerability companies face, with 38% of respondents saying it is their first priority, and “outdated information security controls or architecture” and “cloud computing use” are second and third respectively (35% and 17%). “Stealing financial information,” “disrupting or defacing the organization” and “stealing intellectual property or data” are the top three threats (28%, 25% and 20% respectively say it is their first priority).
This year’s survey finds that organizations need to do a better job of anticipating attacks in an environment where it is no longer possible to prevent all cyber breaches, and where threats come from ever more resourceful and well-funded sources.
Paul van Kessel, EY’s Global Risk Leader, says:
“Organizations will only develop a risk strategy of the future if they understand how to anticipate cybercrime. Cyber-attacks have the potential to be far-reaching – not only financially, but also in terms of brand and reputation damage, the loss of competitive advantage and regulatory non-compliance. Organizations must undertake a journey from a reactive to a proactive posture, transforming themselves from easy targets for cybercriminals into more formidable adversaries.
“Too many organizations still fall short in mastering the foundational components of cybersecurity. In addition to a lack of focus at the top of the organization and a lack of well-defined procedures and practices, too many of the organizations we surveyed reveal they do not have a security operations center. This is a major cause for concern.”
The report encourages organizations to embrace cybersecurity as a core competitive capability. This requires keeping the organization in a constant state of readiness, anticipating where new threats may arise and shedding the “victim” mindset of operating in a perpetual state of anxiety. To reach this state, the report recommends:
- Remaining alert to new threats: Leadership should address cyber threats/risks as a core business issue, and put in place a dynamic decision process that enables quick preventative action.
- Understanding the threat landscape: Organizations should have a comprehensive, yet targeted, awareness of the wider threat landscape and how it relates to the organization, and invest in cyber threat intelligence.
- Knowing your “crown jewels”: There should be a common understanding across the organization of the assets that are of greatest value to the business, and how they can be prioritized and protected.
- Focusing on incident and crisis response: Organizations should regularly test the organization’s capabilities.
- Learning and evolving: Cybersecurity forensics is a critical piece of the puzzle. Organizations should closely study data from incidents and attacks, maintain and explore new collaborative relationships and refresh their strategy regularly.
Ken Allan, EY’s Global Information Security Leader, says:
“Beyond internal threats, organizations also need to think broadly about their business ecosystem and how relationships with third parties and vendors can impact their security posture. It’s only by reaching an advanced stage of cybersecurity readiness that an organization can start to reap the real benefits of its cybersecurity investments. By putting the building blocks in place and ensuring that the program is able to adapt to change, companies can start to get ahead of cybercrime, adding capabilities before they are needed and preparing for threats before they arise.”
For further information and to download the 2014 report, visit www.ey.com/GISS
About the report
EY’s Global Information Security Survey was conducted between June and August 2014. The 1,825 respondents were from across all major industries and in 60 participating countries.
For the survey, EY invited chief information officers, chief information security officers, chief executive officers and other information security executives to take part. The majority of the survey responses were collected during face-to-face interviews. When that was not possible, the questionnaire was conducted online.
About EY
EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.
EY works together with companies across the CIS and assists them in realizing their business goals. 4,800 professionals work at 21 CIS offices (in Moscow, St. Petersburg, Novosibirsk, Ekaterinburg, Kazan, Krasnodar, Togliatti, Vladivostok, Rostov-on-Don, Yuzhno-Sakhalinsk, Almaty, Astana, Atyrau, Bishkek, Baku, Kyiv, Donetsk, Tashkent, Tbilisi, Yerevan, and Minsk).
EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit ey.com.
This news release has been issued by EYGM Limited, a member of the global EY organization that also does not provide any services to clients.