Business leaders' complacency exposed as one-third not intending to improve overall defences in the next 12 months
Veracode, Inc., recently released new research revealing the widening gap between software creation and software security, with the rush to innovate outpacing the urgency to secure the process.
The "Securing the Digital Economy" report highlights how investment in software and digital transformation is rapidly accelerating, with around one in five business leaders indicating that their software budget had increased 50 percent or more over the past three years to support digital transformation projects. However, the increased software development investment has not translated to greater security budgets or awareness of the security risks insecure software introduces: only 50 percent of business leaders surveyed understand the risk that vulnerable software poses to their business.
The report indicates that 25 percent of all business leaders surveyed in Britain and US report that they do not understand any of these common cybersecurity threats:
* Vulnerable software
* Vulnerable open source components
* Phishing attacks
* Malicious employee activity
* DDoS attacks
Business Leaders Not Aware of High-Profile Cyberattacks
The lack of understanding around cyber risk may be attributed in part to a lack of awareness of successful cyberattacks and their causes. Because business leaders are unaware of either the breaches themselves or the underlying causes, they are not compelled to learn about or defend against similar threats their company could face
* Despite being highly publicised and causing several high level executives to lose their jobs and the ex-CEO being forced to testify to Congress, only five percent of all business leaders surveyed indicated the Equifax breach prompted them to rethink their current business's approach to cybersecurity security;
* Only one-third of business leaders surveyed had heard of the global WannaCry ransomware attack, although awareness was greater among British business leaders at 40 percent. Just one in 10 reported it led them to rethink their approach to cybersecurity;
* Fifteen percent of business leaders surveyed in Britain and 19 percent of German business leaders had not heard of any of the high-profile cyberattacks listed in the survey; while just under half of all US, GB and German respondents reported cyberattacks have not led their current business to rethink or...