The results of the 2020 ITWeb/KnowBe4 Cyber Security Survey are out. It ran for 14 days on ITWeb during January and was completed by 282 respondents.
61% of those are decision-makers – 21% are C-level executives, while a further 40% are at mid-management level
While 41% work in ICT, the remaining 59% hail from a wide range of major industry sectors.
43% come from large companies, with over 1 000 employees, while close to 40% work in the SME sector (under 200 employees).
Below are some key findings:
1. About half of the respondents (52%) described their security strategy as ‘proactive’ – having purposely implemented solutions that address both internal and external threats.
Just over one third (35%) said it’s ‘mature’, with a well thought-out plan for a layered security strategy.
Only 13% chose ‘reactive’ - and have no overarching security strategy.
2. When it comes to security culture of their organisation, 35% of respondents report their employees have adopted good cyber security behaviour; while 9% reveal they have no real security culture in place.
3. Attack methods that are of biggest concern are phishing or spear phishing, ransomware, and data breaches.
4. Security awareness training emerged as the most pressing security initiative that is currently being worked on (rated as 3.6 on a scale of 1 -5)
It is followed by the need to secure the cloud; establish security culture; and step up Incident response (all rated at 3.5).
3. a. POPIA requires the appointment of an information officer. The survey revealed that 46% of businesses plan to combine this with an existing role; 47% plan to make an internal appointment, while 7% will recruit someone new.
5. When it comes to user concerns the survey revealed that negligent insiders that fall prey to phishing scams are most concerning, which was closely followed by users sharing passwords.
6. The top three concerns when it comes to the executive level are: business disruption (27%), operational downtime (25%), and the prospect of a significant data breach (23%).
7. As for general concerns, the lack of security specialists tops the list, followed by inadequate budgets for security spend and the weakening SA economy.