One in ten companies has no strategy at all for responding to specific cyber security incidents. This is one of the key findings from the CIO report “Leading your business through cyber risk”, published by Barracuda Networks Inc, a provider of cloud-first security solutions. The report draws on data from Barracuda’s international Cybernomics 101 study and analyzes how challenges in the areas of security policy, management, third-party access and supply chain can impact an organization’s capabilities. The report also shows how companies can appropriately manage and respond to cyber risks.
Further findings from the report:
- Only 43 percent of all organizations surveyed have confidence in their ability to adequately manage and respond to cyber risks, vulnerabilities in their systems and networks, and cyber attacks.
- Around half of the companies surveyed have difficulties implementing consistent, company-wide security policies.
- A third of the companies surveyed have concerns about the security of their supply chains.
The report also includes an organizational cyber resilience checklist, created by Barracuda experts and based on the NIST Cybersecurity Framework 2.0 from the US National Institute of Standards and Technology, to help organizations improve their cyber resilience.
The results of the report show, among other things, that many companies still find it difficult to implement company-wide security policies such as authentication measures and access controls: Almost half (49 percent) of respondents in small and medium-sized enterprises (SMEs) cited this as one of the top two challenges facing senior management. In addition, more than a third (35 percent) of respondents in SMEs have concerns that their leadership does not recognize cyberattacks as potentially serious risks. In larger companies, on the other hand, the challenges are more likely to be a lack of budget (38 percent) and finding qualified cybersecurity professionals (35 percent).
Many companies are also concerned about a lack of security in, and control over, their supply chains, as well as a lack of transparency when working with third parties who have access to sensitive or confidential data. Around one in ten companies also has no contingency plan to fall back on in the event of a successful cyber attack.
“For many companies, a security incident is now inevitable sooner or later,” says Siroui Mushegian, CIO of Barracuda Networks. “Being prepared is essential when it comes to surviving and responding appropriately to such incidents – that’s cyber resilience. While modern, comprehensive security solutions do much of the work in this regard, successful cyber resilience also depends on governance within the organization, i.e. the policies and measures put in place by senior management and many other internal factors that enable an organization to manage cyber risks sensibly. The National Institute of Standards and Technology has also defined security governance as a strategic priority as part of its updated cybersecurity benchmark framework published in early 2024.”
The report provides organizations with practical templates for cyber risk management processes and a cyber resilience checklist. This checklist is based on the latest version of the US National Institute of Standards and Technology (NIST) Cybersecurity Framework and can be downloaded free of charge from the Barracuda website.
Resources
A copy of the report and the cyber resilience checklist can be found here: https://www.barracuda.com/reports/cyber-resilience-report
Methodology for the Cybernomics 101 study
The study data comes from a survey of 1,917 IT security professionals from organizations with 100 to 5,000 employees across various industries in the United States (522), the United Kingdom (372), France (329), Germany (425) and Australia (269). The survey was conducted in September 2023. All respondents are involved in the management of their company’s IT security.