Cybersecurity more important than ever for the business community
Threat level apparently up since pandemic started
At the end of March, shortly after the Dutch government introduced social distancing rules, market research agency GfK surveyed 577 businesses for us, each with ten or more employees. Thirty per cent said that they were concerned or very concerned about cybercrime, and 22 per cent said they'd been affected in the previous twelve months. Both figures are slightly up on the findings we reported in Trends in Online Security & e-Identity at the end of 2018. It seems that coping with the coronavirus doesn't mean businesses are paying less attention to cybersecurity. In fact, the perceived importance of the internet has increased since the restrictions came in.
Ransomware seen as the biggest cybercrime threat
Watch out for CEO fraud during the crisis Mind your old websites, or scammers may take them Cybercrime and SMEs: what you really should know about hacking!One of the main drivers of increased threat perception is ransomware. The incident at the University of Maastricht last December has apparently made a big impression. Nearly half of businesses now see ransomware as threatening, compared with just over a third at the end of 2018. And 22 per cent of respondents rated ransomware the biggest single cybercrime threat, pushing it to the top of the list. That's probably partly because ransomware generally targets operationally vital servers: the biggest fear amongst the surveyed businesspeople was losing control of their servers.
What form of cybercrime do you see as the biggest threat to your business?(n=577) | |
|---|---|
Ransomware | 22% |
Data breaches | 15% |
Malware/viruses | 14% |
Theft of IP/customer data | 10% |
DDoS attack | 10% |
Phishing | 8% |
Commercially sensitive data loss | 6% |
Identity fraud | 3% |
Spam | 3% |
CEO fraud | 1% |
Defacing | 1% |
CEO fraud isn't a major worry for most
A strikingly small percentage of respondents were worried about CEO fraud, where crooks con staff into making payments by sending mail in which they pose as executives. It's a trending form of cybercrime, but unlike ransomware it can only succeed with the victim's active involvement. And it doesn't directly affect systems. Major CEO fraud cases have frequently made the news in recent years.
Software is the business community's first line of defence
Businesspeople try to defend against cybercrime mainly with software: spam filters, virus scanners and regular updating are the most widely used tools and strategies. Human measures (training, password policies, etc) came next. Only 7 per cent of respondents had cybercrime insurance.
People want to know more
How satisfied are businesspeople with their own approach to cybersecurity? The survey revealed a mixed picture: 76 per cent were satisfied that their approach was effective, but some of that group weren't actually aware of all the threats or in control of them. More than half would like to have dashboards and tools to shed light on the cybersecurity situation in their organisations.
Most businesses aren't investing in cybersecurity
Investing in such cybersecurity tools isn't yet commonplace in the business community. Only 19 per cent of respondents expected to invest more in cybersecurity in the year ahead. Amongst those previously affected by cybercrime, the figure was significantly higher, at 30 per cent.
A lot more can be done
It seems that cybersecurity is increasingly seen as integral to normal business operations, even in smaller companies. However, many could do a lot more. In the small business sector especially, there are still people who think that nothing will happen to them. It often takes an incident to change people's minds. Over the last year, SIDN has therefore invested in the development of CyberSterk, a tool that enables SMEs to defend against cybercrime.