A survey from Nixu reveals significant security concerns
A new survey from cyber security company Nixu reveals significant security concerns among Northern European organisations.
39% of respondents assess themselves as having poor or deficient cybersecurity maturity. The survey also reveals that supply chain security is increasing its importance as a key issue, focus on risk management is surprisingly low, and deep expertise is the service providers’ most valued quality. Additionally, cyber security budgets are often not optimally spent.
The Nixu Cybersecurity Index measures cyber security maturity in Northern European organisations by evaluating four aspects of cyber security performance: current state, management, financial investments, and future development plans. In the first survey conducted with this approach, the average score was 67, which is barely satisfactory on the 10–100 scale. The scores are based on self-assessment.
The survey was conducted in September–October 2022. It includes responses from 180 Northern European cyber security leaders from various industries and countries, sharing their views on the current and future state of cyber security in their organisations.
According to the survey results, security awareness is identified as the most critical cyber security capability, and organisations plan to strengthen it in the next 12 months. On the other hand, cyber security decision makers assess risk management as a surprisingly uncritical capability. Only 24% stated that risk management is one of the most critical capabilities, and just 21% are planning to strengthen it within the next year. Nevertheless, more than a third of the respondents (38%) say risk management is not well initiated.
“This indicates that cyber security has been driven more as a technology item than an integral part of corporate risk management. But the fact is that cyber security is all about risk management, and it should be addressed as a business issue,” said Jan Mickos, Business Area Lead, Managed Services, at Nixu.
The role of supply chain security is among the key trends revealed by the survey. Respondents see it as the hottest topic in cyber security within the next 12 months. It is replacing ransomware as their leading topic during the last 12 months. A typical supply chain cyberattack can be targeted against one critical service largely used within a specific industry. For instance, the retail sector has already experienced such attacks when payment system providers have been breached.
“It is very difficult to defend against these kinds of attacks, but they are preventable. The real shortcomings and the main responsibility for preventing attacks through the supply chain lies, of course, with the suppliers, mainly the software companies. They need to convince customers that their products both work and are secure. For a long time, we have been able to take this more or less for granted, but it is reasonable that liability issues and guarantees will be given higher priority in IT procurement in the future,” said Jan Mickos.
26% say their cyber security budget is not spent in the most effective way. On the other hand, two thirds of the respondents are certain or quite certain that their cyber security spending is optimised and appropriate.
Organisations value quality strongly over price when making cyber security decisions. A service provider’s deep expertise in cyber security was valued highly or extremely highly by 97% of respondents.
Nixu has operated in the cyber security field for more than 30 years. In recent decades, the field has evolved and changed significantly. Current geopolitical developments also increase the need for comprehensive security thinking, regardless of industry or geographic location.
“Under such circumstances, any organisation benefits from seeking assistance to remain on the safe side and do it effectively. Since there is a global cyber security skills shortage, organisations should not compete in who gets to recruit. Instead, the best way to go is to outsource cyber security and make skills scale for everyone,” Mickos concluded.
The whole survey report is available here.