Subscribe
  • Home
  • /
  • Software
  • /
  • New report from CA Veracode reveals business leaders only address cyber security under duress

New report from CA Veracode reveals business leaders only address cyber security under duress

Business leaders' complacency exposed as one-third not intending to improve overall defences in the next 12 months.

Issued by Blain Communications for CASA Software
Johannesburg, 26 Jan 2018
Jaco Greyling, CA Southern Africa. CTO Enterprise DevOps.
Jaco Greyling, CA Southern Africa. CTO Enterprise DevOps.

CA Southern Africa has announced that Veracode, a leader in securing the world's software, and acquired by CA Technologies, has released new research revealing the widening gap between software creation and software security, with the rush to innovate outpacing the urgency to secure the process.

The "Securing the Digital Economy" report highlights how investment in software and digital transformation is rapidly accelerating, with around one in five business leaders indicating that their software budget had increased 50% or more over the past three years to support digital transformation projects. However, the increased software development investment has not translated to greater security budgets or awareness of the security risks insecure software introduces: only 50% of business leaders surveyed understand the risk that vulnerable software poses to their business.

The report indicates that 25% of all business leaders surveyed in Britain and US report that they do not understand any of these common cyber security threats:

* Vulnerable software.
* Ransomware.
* Vulnerable open source components.
* Phishing attacks.
* Malicious employee activity.
* DDOS attacks.

Business leaders not aware of high-profile cyber attacks

The lack of understanding around cyber risk may be attributed in part to a lack of awareness of successful cyberattacks and their causes. Because business leaders are unaware of either the breaches themselves or the underlying causes, they are not compelled to learn about or defend against similar threats their company could face. For example:

* Despite being highly publicised and causing several high-level executives to lose their jobs and the ex-CEO being forced to testify to Congress, only 5% of all business leaders surveyed indicated the Equifax breach prompted them to rethink their current business's approach to cybersecurity security;

* Only one-third of business leaders surveyed had heard of the global WannaCry ransomware attack, although awareness was greater among British business leaders at 40%. Just one in 10 reported it led them to rethink their approach to cyber security;

* Fifteen percent of business leaders surveyed in Britain and 19% of German business leaders had not heard of any of the high-profile cyber attacks listed in the survey (full list can be found in this chart); while just under half of all US, GB and German respondents reported cyber attacks have not led their current business to rethink or update their cybersecurity approach.

We are seeing some shift in awareness, of the 33% who indicated that a cyber attack on another company had led their business to rethink its approach to cyber security, many have either taken steps to improve their software security or plan to over the next 12 months.

More than one-third (34%) have or will over the next 12 months start scanning or already more regularly scan for vulnerabilities in software; while one-fifth either have or will set security thresholds for software built by third-party providers and for all commercial out-of-the-box applications (22 percent and 20%, respectively).

While there may be some shift in awareness, not all business leaders have woken up to the risks of the evolving cyber threat landscape. One-third of business leaders surveyed revealed that they plan to take no new steps to improve their organisations' overall cybersecurity in the next 12 months.

"Digital transformation presents both massive opportunity to innovate and significant security risks, with 77% of applications having at least one vulnerability when first scanned, which could be exploited to inject ransomware or steal data," says Jaco Greyling, Chief Technology Officer, DevOps solutions, CA Southern Africa.

Many business leaders have yet to fully grasp the most common cyber threats to their business, nor are they keeping up with some of the most catastrophic cyber events of our time. We need to bridge this disconnect between business leaders and the cybersecurity threat: without greater awareness of the threats and what is needed to defend against them, their company could easily be the next headline."


Executives will act when you talk about the personal risk

While high-profile breaches do not in themselves prompt great change in behaviour, when confronted with the possibility of personal accountability in the event of a breach, executives are more likely to take action. More than a third of the business leaders surveyed said the personal risk to executives outstripped compliance as a driver for board members.

Articulating the potential brand damage for senior executives from a data breach and the risk to their job security was recommended by 38% and 35% of business leaders surveyed, respectively, as a way to engage a board on cybersecurity, compared to just 29% who suggested that highlighting the potential fines of data protection regulations, like GDPR.

To download the Securing the Digital Economy report, click here. To view the report infographic, click here.

Methodology

CA Veracode commissioned YouGov to survey 1 403 business leaders across Britain (653), the US (506) and Germany (244) about their company's digital transformation initiatives and understanding of cyber security. The polling was conducted online over a nine-day period between 25 September and 4 October 2017.

Follow CA Technologies:
* Twitter
* Social Media Page
* Press Releases
* Blogs

Share

CA Veracode

Veracode, CA Technologies' application security business, is a leader in helping organisations secure the software that powers their world. Veracode's SAAS platform and integrated solutions help security teams and software developers find and fix security-related defects at all points in the software development lifecycle, before they can be exploited by hackers. Its complete set of offerings help customers reduce the risk of data breaches, increase the speed of secure software delivery, meet compliance requirements, and cost-effectively secure their software assets - whether that's software they make, buy or sell.

Veracode serves over a thousand customers across a wide range of industries, including nearly one-third of the Fortune 100, three of the top four US commercial banks and more than 20 of Forbes' 100 Most Valuable Brands. Learn more at www.veracode.com, on the Veracode blog, on Twitter and in the CA Veracode Community.

CA Southern Africa

CA Southern Africa is the leading provider of IT management and security solutions in Sub-Saharan Africa.

CA Southern Africa enables customers to embark on the digital transformation journey necessary to seize the opportunities presented by the application economy. Today, software is at the heart of every business in every industry and CA Southern Africa is assisting our customers - through the use of technology, to change the way we live, transact, communicate, across: mobile; private and public cloud; distributed and mainframe environments.

For further information log on to: www.ca.com/za

Editorial contacts

Deirdre Blain
Blain Communications
(+27) 83 230 5522
blain@iafrica.com
Heidi Ziegelmeier
CA Southern Africa
(+27) 11 417 8594
Heidi.Ziegelmeier@CAafrica.co.za