How are Spanish companies preparing for cyber threats?

They still have a lot to learn.


In terms of cyber protection, in the first half of last year Hiscox noted an improvement in the 'preparedness gap' of Spanish companies in the face of cyber threats, according to the 'Hiscox Cyber Readiness Report 2020' analysis. In figures, those qualified as 'experts' went, in just one year, from representing 9% to 14% of the total analyzed. However, despite this positive figure, Spain continues to be the country with the highest number of companies classified as 'novices' (72%).

Only 13% of SMEs are 'experts' in cybersecurity.


Cyber-preparedness increases in line with the size of the companies: 21% of companies with more than 250 employees, 13% of SMEs and 5% of micro-SMEs obtain the highest rating. At the other extreme, 82% of micro-SMEs, 76% of companies between 10 and 250 employees and 61% of the large companies analyzed in the study are classified as "novices".

In one year, investment in cyberprotection has increased by six points.


However, measures are being taken and, according to this same report, Spanish companies have gone from being among those that set aside the lowest percentage of their IT budget for this area (8.80% in 2019) to leading the ranking: today the average percentage is 14.93%, up six points in just one year and three points above the average of the 2020 study (12.95%).
In addition, Spain is in the 'Top 3' in the forecast of increased investment in cybersecurity, training and recruitment for the next 12 months, along with the US and Great Britain.
Moreover, according to the report 'The State of Cybersecurity in Spain', by Deloitte, more and more is being invested in cybersecurity. For example, in 2018, this item accounted for 8.5% of the budget allocated to IT/OT. The figure in 2019 reached 9%.


76% choose outsourcing.


Most of the companies interviewed in the Deloitte report have more than 1,000 employees, but 70% of the total dedicate fewer than ten employees to cybersecurity. This figure clearly shows that this type of service is often outsourced, with 76% of companies choosing this option.
More activity requires a larger budget and appropriate optimization of resources. Minimizing cyber-attacks should be seen as an investment and not as a cost, as it implies long-term savings. The study correlates the budget invested with the number of significant cybersecurity-related incidents. Companies that spend less than 3% of their budget on cybersecurity typically suffer up to two major attacks in a single year.


Certifications, framework and training.

Although security certifications increase the value of companies' services and products, they are still perceived as a dispensable effort. More than half of the companies surveyed, 60%, do not have any in the field of cybersecurity. Among those that do have some certification, 30% of them are ISO/IEC 27001 certified, and of these, 67% also have ISO 22301.

In any case, when talking about the framework used to manage cybersecurity, 75% of companies say that they continue to use ISO as a reference standard despite not having certification. As a security framework, the Deloitte CSD stands out for its growth, as it is used by 28% of organizations (10.5% the previous year).

Of greater concern is the training of CISOs, with up to 70% holding some type of certification related to some aspect of cybersecurity, the three most common being CISM (40%), CISA (32%), and ISO 27001 Lead Auditor (23%).


In the wake of the pandemic, what has increased is employee training and awareness, which now reaches 3 out of 4 employees. It should be borne in mind that the way email is handled is one of the main ways a cyber-attack is triggered.


Security review, a pending task.

Adoption of new technologies is rapid among respondents. Almost all companies are already working in cloud environments and up to 87% have Internet of Things (IoT) devices. However, only 20% perform security reviews on all their critical applications compared to 59% who only do so on half of them.
Attention to cloud environments is much higher in sectors such as Energy and Resources, while the Manufacturing sector pays more attention to IoT-related issues.

News Source: Adn del Seguro 15/02/2021