In an ideal world, cyber security would be deeply rooted in every organisation and permeate every action and decision.
Cyber experts in the Danish ER&I sectors agree that the threat of cyber attacks is increasing. In many areas, they also see themselves as highly resilient to attacks. But, in their own view, how well are businesses performing overall?
What does the survey show?
When asked to what degree they have attained the ideal cyber defence, 9% of the surveyed businesses perceived themselves as highly secure, ranking themselves at nine or even ten on the security spectrum. 18% rank themselves at eight, 29% rank their security performance at seven, and 30% rank themselves at five or below.
Q: Imagine an ideal organization where cyber security is deeply rooted, the organization’s cyber resources are sufficient and there is a clear threat assessment and contingency plan. How close do you believe your organization is to that ideal?
In the section on cyber resiliency we saw a high degree of confidence within Danish ER&I businesses. However, when it comes to the overall perception of performance, that confidence seems to dip.
It is worrying that 30% of the surveyed businesses rate themselves five or lower on the security spectrum. This means there is plenty of room for improvement. However, it can also be interpreted as promising that a majority of 56% rate themselves seven or higher.
There is no doubt, however, that consumer demand for cyber security is increasing. Cyber has already become an essential part of modern governance and compliance, and soon unsafe products and companies will lose to safer competitors. Thus, security is necessary in order to be taken seriously as a partner or supplier.
It is an important leadership task to take this responsibility seriously and keep in mind that there is no commercial performance worth achieving if cyber security is not obtained first.
The bigger picture
A tough challenge
Businesses in energy, resources and industrials are often highly intertwined with the geopolitical landscape. They need to navigate internationally, managing various stakeholders while keeping production running. This also means that they are often up against the most advanced adversaries in the risk landscape in the form of state-funded attackers. This results in tougher requirements for cyber security than in almost any other sector. Thus, it remains essential for large ER&I businesses to implement cyber security across the whole organisation.
Strategic self-defence plan
Creating an operational plan and a strategic plan to defend an organisation against cyber threats starts with a detailed threat assessment and weighing of the likelihood of the threats materialising, as well as conducting analyses and penetration tests in order to map and expose the organisation's vulnerabilities. As next steps, security efforts must be prioritised, a budget has to be drawn up, and the strategically most important actions before, during and after an attack need to be identified and operationalised.