Because of the surging level of cyber threats, it is now widely accepted that cyberattacks are a question of when – not if – they will occur. Having a resilient cyber defence in place has therefore become an essential cog in the business life cycle, as it enables organisations to rapidly respond to and recover from cyberattacks while suffering minimal damage.
According to our survey, Danish organisations believe that they are either resilient to a high degree or to some degree when it comes to cyber threats in five key areas of their business.
What does the survey show?
According to our survey, an average of 71% of Danish organisations indicate that they are highly cyber resilient in terms of handling customer data. 29% believe that they are partly resilient, resilient to a lesser degree or not resilient at all.
When it comes to a key enabler of digital transformation, cloud services, roughly six out of ten organisations believe that they are highly resilient. Slightly more than one-third believe that they are resilient to some degree, while 4% indicate that they are either resilient to a lesser degree or not resilient at all.
When it comes to new technology, Danish organisations indicate a lower level of resiliency. On average, 43% believe that they are highly resilient in this area, while almost 50% believe that they are partly resilient. 8% believe that they are resilient to a lesser degree, while 1% state that they are not resilient at all.
On average, 46% of our respondents state that they are highly resilient to cyberattacks related to marketing and sales activities, while 54% indicate that they are partly resilient, resilient to a lesser degree or not resilient at all.
Finally, more than four out of ten respondents state that they are highly resilient to cyberattacks targeting suppliers and business partners, while approximately the same number of respondents feel partly resilient. One-tenth of the respondents believe that they are resilient to a lesser degree, while 2% feel that they are not at all resilient [1].
Sector deep dive
The majority of businesses in the consumer goods sector (CGS) and the energy and resources sector (ERS) perceive their cyber defence to be highly resilient to cyberattacks when it comes to protection of customer data. For businesses in the financial sector (FS), almost half of the respondents feel that they are only resilient in this area to some degree, to a lesser degree or not at all.
Assessing the participating businesses’ cyber resiliency when it comes to new technology, businesses in the FS again stand out compared to businesses in the CGS and ERS. 71% of the FS organisations find themselves to be partly resilient, resilient to a lesser degree or not resilient at all in terms of cyberattacks targeting new technology.
Finally, there seems to be a challenge with cyber resilience related to suppliers and third-party providers across the different sectors. 5% of the FS organisations state that they are not at all resilient in this area; none of the respondents from the other two sectors indicates this.
[1] The wording of the question differed slightly between sectors. We asked businesses in the consumer goods sector to assess their resiliency level in terms of suppliers and business partners, but we asked businesses in the financial sector and in the energy and resources sector to assess their resiliency level in terms of suppliers and business partners that are not system integrated.
Our survey shows a high level of perceived cyber resiliency when it comes to handling customer data. This is a positive development that can possibly be attributed to the EU's General Data Protection Regulation (GDPR) combined with an increased focus on data privacy and general compliance with privacy regulations. It is promising to see that the increased focus on and awareness of privacy issues have also led to increased confidence in handling and protecting customer data.
It is worth noting the significant differences between the FS and the other sectors. 53% of the respondents in the FS feel that they are highly resilient when it comes to handling customer data. Meanwhile, 78% of organisations in the CGS and 83% of organisations in the ERS feel that they are resistant to cyberattacks in the same area. Additionally, 7% of the FS organisations indicate that they are not at all resilient when it comes to handling customer data – the only sector to do so.
It is difficult to decipher the actual meaning of this result. It could be that the FS organisations have a more realistic understanding of the threats targeting customer data because of their higher cyber maturity levels, generally speaking. It could also be that FS organisations perceive this question more broadly than organisations in other sectors. Customer data is at the centre of what banks do, and a large data breach could result in significant financial and reputational losses, whereas the direct effects may be less severe in other sectors. Finally, it could also be an expression of FS organisations’ inability to fully comply with the privacy regulations. If this is the case, this is obviously a rather worrying result.
Assessing the organisations' cyber resiliency when it comes to cloud services and new technology, FS organisations again stand out from the remaining sectors. 71% of the FS organisations indicate that they are only partly resilient, resilient to a lesser degree or not resilient at all as regards new technology. For organisations in the CGS and in the ERS, these numbers are 53% and 48%, respectively. A similar trend applies to cloud services.
A possible explanation for this is that, with growing consumer demands and expectations, businesses in the CGS in particular rely more on innovative technologies to help retain customer loyalty, surpass consumer expectations and create competitive advantages. This has necessitated a rapid increase in the adoption of new technologies, and thus also an increased need to ensure that resilient cybersecurity efforts are made.
The FS, FinTech (financial technology) companies aside, has historically not been as adaptable and accommodating as regards digital transformation due to internal and external challenges. This might have made financial sector companies feel less cyber resilient in terms of new technology.
Finally, more than half of the respondents in each of the sectors indicate that they are only partly resilient, resilient to a lesser degree or not resilient to cyberattacks targeting business partners and suppliers. This is a rather worrying result, as we have seen an increase in cyberattacks targeting the supply chain. An explanation could be that the transformation of linear supply chains into interconnected ecosystems has made it increasingly challenging to manage risks across the entire supply chain. For large organisations, there may be several thousands of different third, fourth and fifth parties to consider.
Nevertheless, it is now more crucial than ever for organisations to conduct sound third-party risk management, as the cost of failure and regulatory scrutiny increase.
The bigger picture
Understanding core business processes
Identifying and protecting core business data and processes is critical to ensuring that business resiliency is maintained during a cyberattack. This includes identifying the scope of what is deemed to be critical and having comprehensive fallback solutions, such as backups, that entail regular testing and validation. This will ensure that the core infrastructure, applications and data are made available to maintain core business operations.
Detect and Respond
Cyberattacks are part and parcel of reality. First, visibility of threats is paramount to ensuring that businesses have time to respond before the threat impacts the organisation. Developing a Security Operations Centre (SOC) and incident response (IR) capabilities is essential for proactively fighting potential cyberattacks and for having access to subject matter experts who can contain and remediate such attacks.