One survey suggests that these respondents had such high confidence levels in their firms’ cyber preparedness that they ignored best cyber-practices

In a survey of around 6,500 executive leaders, cybersecurity professionals and office workers in October 2022 across the US (21%), the UK (10%), Australia (10%), China (9%), France (10%), Germany (10%), India (10%)  Japan (10%) and the Netherlands (10%) about their organizations’ ability to stave off a damaging security breach, 97% of respondents who were leaders and security professionals indicated that their organisation was “prepared” or “more prepared” for this ability than they were a year ago.

Approximately half of respondents indicated they were “very prepared” to meet the growing threat landscape including ransomware, poor encryption and malicious employees, but expected safeguards such as deprovisioning credentials was ignored a third of the time, and nearly half of respondents indicated they suspected a former employee or contractor could still have active access to company systems and files.

Also, data indicated that respondents were racing to fortify against cyberattacks, with 92% of security professionals indicating they “had a method to prioritize patches” and also that “all types of patches rank high.” For the year ahead, cybersecurity insiders surveyed viewed phishing, ransomware and software vulnerabilities as top industry-level threats.

According to Dr Srinivas Mukkamala, Chief Product Officer, Ivanti, which commissioned the survey:

“Patching is not nearly as simple as it sounds. Even well-staffed, well-funded IT and security teams experience prioritization challenges amidst other pressing demands. To reduce risk without increasing workload, organizations must implement a risk-based patch management solution and leverage automation to identify, prioritize and even address vulnerabilities without excess manual intervention.”