Cyber security is now an agenda item in the boardroom, not just the IT department, in the wake of May’s Ransomware attack and the countdown to GDPR compliance well underway.
In May, multiple organizations including the NHS, Spain’s Telefónica and Deutsche Bahn were struck with what is arguably the world’s most publicized cyber-attack. Within a day, the ransomware cryptoworm known as WannaCry crippled over 230,000 computers in over 150 countries.
This has been one of the most globally damaging ransomware attacks to date. Even months after the attack, many organizations are still in the process of liberating their systems of the infection, making both businesses and employees around the world rethink their approach to cyber security.
We recently commissioned a survey of 600 business decision makers and 1,200 employees across the UK, US, Germany, and Australia about the attack. The independent survey was carried out by Vanson Bourne and one key finding was 29% of UK firms intending to add cyber security to the boardroom agenda.
How the WannaCry attack changed attitudes to cyber security:
- Cyber security is front of mind for both individuals and businesses with over three quarters (77%) of the people surveyed having knowledge of the attack, with the number even higher (88%) in the UK. Cyber security is no longer a problem restricted to the IT department and there is now a growing awareness among all employees, which will raise the bar for businesses to ensure they are fully protected against attacks.
- Employees are swatting up on cyber security with 38% of employees that were aware of the attack worldwide now reading more about cyber security. Additionally, 33% have changed their passwords, formally enrolled in courses (24%), or are taking steps to ensure their companies raise their game in cyber security (26%). With more employees ensuring they adhere to cyber security best practices, pressure will be on businesses to ensure they do the same.
- Boardrooms are recognizing the importance of cyber security with 29% of UK firms intending to add cyber security to the boardroom agenda. What’s more, 29% of firms worldwide have pledged to implement stronger cyber security measures, with 58% of UK organizations expecting another attack in the immediate future. As the C-suite changes its approach to cyber security, organizations will need to look at how they update their policies, procedures, and technology to mitigate against future attacks as well as preparing for the introduction of new data regulations that are on the horizon.
- UK employees are least likely to take action on changing their passwords, reading more about cyber security or even asking their company for advice. Whilst this may be surprising to learn with the NHS taking centre stage for much of the attack, those in the US (49%), proved most likely to take action, followed by Australia (43%), Germany (37%) and then the UK (35%).
In the past year alone we’ve seen a real change in attitude when comes to ransomware; with a 70% growth in our Advanced Threat Protection solution, more organizations are looking for an advanced level of protection against ransomware. However, if boards are to truly take a proactive stance on cyber security then implementing a range of the latest security technologies will be paramount. Providing multiple layers of security ensures attacks are stopped at the boundary, before they enter a network, by removing the source of an attack from documents and attachments shared into an organization.