Cyber-readiness is becoming an increasingly important quality for organisations of all descriptions to aim for. A recent report from Vodafone Business highlights the room for improvement that still exists for the majority of companies worldwide.
Nexor contributed expert commentary to the report, which assessed the cyber-readiness of businesses in 9 countries by surveying a total of 4,809 IT decision makers, employees and consumers. Businesses were scored on an index of 0 to 100 and classed as Basic, Reactive, Developing, Proactive or Advanced. The final two categories (reflecting a score of 60 and above) were classed as ‘cyber-ready.’ Only a quarter of businesses were classed as Proactive or Advanced.
Context and focus of Vodafone’s report
Vodafone’s report sheds light on an issue that Nexor exists to combat: a lack of appropriate cybersecurity in business. The need for businesses to understand their cybersecurity requirements is of paramount importance. Without the right measures in place, they run the risk of accidents or attacks causing them to lose customer trust and potentially face heavy fines.
The report assessed cyber readiness in six areas:
1. Digital footprint – specifically, the gap between employer and employee perception of a business’s footprint.
2. Cyber operations – businesses’ confidence in their ability to secure sensitive data and their investment in IT security.
3. Cyber resilience – the relevance of existing security policies.
4. Cyber strategy – the security support that employees receive from senior managers.
5. Employee awareness – the policies in place to train and correct employees.
6. Understanding risk – awareness of security issues, especially around new developments.
The scores in these areas were aggregated to produce the final cyber readiness index rating.
Key insights from the report
We were interested to see the outcome of the report. When the data emerged, we were unsurprised by the stories it told. Despite the importance of cybersecurity, we are well aware of the fact that many organisations are not aware of their own risk and are unsure of how to improve their processes. Here are some of the statistics that we found most telling:
- Only a quarter of businesses achieved a cyber readiness index score of 60/100 or more.
- Only 29% of decision-makers feel that their organisation is ready for the future.
- 46% of businesses don’t know who to turn to in order to improve their cybersecurity.
- Cloud tech, Information of Things and remote working are the biggest security challenges for organisations to tackle.
- Only 52% of employees say they have received cybersecurity training at work.
- 58% of Advanced businesses reported a revenue increase of more than 5% last year, compared to 22% of Basic organisations.
- 2 in 3 consumers are willing to pay more for higher levels of security.
From these statistics, we can identify two very important trends: most businesses are not cyber-ready and those businesses that are are seeing significant commercial benefits.
Nexor’s principal security consultant, Colin Robbins, was particularly interested in the performance advantages that cyber-ready businesses enjoyed over their competitors. Cyber-ready businesses outperformed other organisations on six out of six key metrics, with greater percentages reporting strong over-performance in:
- Focus on innovation
- Ability to deal with business risks
- Social and environmental responsibility
- Digital advantages
- Efficiency and processes
According to the report, an average of 43% of cyber-ready organisations reports overperformance in the above areas, compared to just 12% of non-cyber-ready organisations.
When asked to provide a comment for the result, Colin responded by saying:
“My interpretation of this finding is that a business that is efficient and well run has good business outcomes, and by virtue of being efficient and well run, it manages cybersecurity well – recognising cybersecurity is as much about people and processes as it is technology.” (page 27 of the report).
How to become cyber-ready
As we can see from the report, cyber-readiness involves multiple aspects of a business. A good place to start is by taking note of the six metrics that Vodafone surveys and identifying where your business can improve in each.
More specifically, we recommend looking at how to improve your technological security and your training processes. Having the best security solutions in place is always important and, as Colin said in the report, it is easy to overlook the role that the people in a business play in its security.
The cybersecurity solutions required by a business will always be unique to its situation. Businesses using cloud-based infrastructure will have different needs to businesses with servers on-site; businesses whose employees connect on multiple devices will have different needs to businesses whose employees work from a single desktop.
Nexor specialises in secure information exchange, which is a solution that suits businesses with high assurance environments. As part of our service, we are also able to help secure our clients’ cloud solutions and the Internet of Things connectivity.
These solutions are not right for every business. Depending on your size and needs, the cybersecurity risks and, therefore, solutions, will differ. Before going any further, assess your digital footprint and the risks you face, then move on to finding solutions.
Educating your employees
Investing in technology is only half of the answer. Many of the metrics on which cyber-ready businesses outscored their competitors were driven by people, not tech. To excel in innovation, customer-centricity and efficiency, a business needs the buy-in of all its employees.
A worrying statistic for businesses concerned with cyber-readiness is that 48% of employees report a lack of cybersecurity training. How can employees champion the security and efficiency of your business if they don’t know how they are responsible for it?
With employees’ buy-in, businesses will benefit not only from great levels of security but from the efficiency and quality improvements that come from motivated, educated staff.
Why cyber-readiness is important
If you’re not yet convinced that being cyber-ready should be a priority for your business, consider the consumer insight. Two-thirds of consumers will pay more for a secure service. According to the report, consumers are concerned about the security of a whole range of devices, including smartphones, laptops, home assistants, games consoles and more. If a business can offer security when interacting with consumers through those channels, they are likely to be rewarded for it.
In addition, high profile failings of big-name data controllers mean that consumers want to know that any data they provide is in safe hands. Anything that a business can do to assure its customers of the security of their data will be well-received.
If you want to find out how Nexor can help your business to become cyber-ready, get in touch with us today. One of our expert team will be happy to talk through your options with you.
Author Bio - Colin Robbins
Colin Robbins is Nexor’s Managing Security Consultant. He is a Fellow of the IISP, and a NCSC certified Security and Information Risk Adviser (Lead CCP) and Security Auditor (Senior CCP). He has specific technical experience in Secure Information Exchange & Identity Systems and is credited as the co-inventor of LDAP. He also has a strong interest in security governance, being a qualified ISO 27001 auditor.