The state of cybersecurity seems to be getting better, though there’s always room for improvement. According to a recent report by CompTIA, “The State of Cybersecurity 2024”, more companies see the need to take a proactive approach and look at cybersecurity from a risk management standpoint. Read on to learn what this might mean to your efforts to protect technological assets.

 

Encouraging Signs, with Room for Greater Improvement

 

In recent years, businesses have made strides in adopting a proactive stance toward cybersecurity, according to the CompTIA report. Of the small to medium-size businesses surveyed, solid percentages have formal frameworks for cybersecurity (45% for small businesses, and 63% for medium-size companies. Many small companies are assessing their risk, but without a formal framework. Over the last year or so, general satisfaction about the state of cybersecurity has increased, as well as satisfaction of respondents with their own company’s cybersecurity. Even with these modest increases, progress is still somewhat slow.

 

In spite of said progress, data breaches still occur. The global average cost of a data breach is $4.45 million! In 2022,  96% of organizations had at least one breach, according to a report cited by CompTIA. The top of mind question is quite naturally “What is the cost of a cybersecurity incident?” What if organizations could also ask what the cost is not just in terms of money but in time and effort taken to prevent an incident? 

 

Constructing a Risk-Management Plan

 

Cybersecurity has often been considered a secondary factor in the past, but businesses are now shifting from a defensive posture to a proactive one. Risk management involves identifying the risks that come with doing business; assigning probabilities to specific risks relevant to the company; and proposing mitigation plans. A formal framework is helpful in considering all risks, including ones not normally connected with IT. One such risk comes from phishing schemes, where individuals are targeted with email containing links to ransomware. Many workers posting on social media sites could make their employers targets for these social engineering attacks. One concern cited by the cybersecurity report was whether new technology a company buys can introduce new cybersecurity concerns. 

 

Many factors need to be considered when analyzing and managing cybersecurity risks. For help with your company’s efforts, contact your trusted technology advisor today.