ITWeb, in partnership with Fortinet, conducted an online survey in June/July to assess how organisations are securing their digital transformation journeys.
Among other things, the survey investigated how far advanced South African businesses were on their digital transformation journey. It also asked them whether they’re confident that their systems can adequately withstand cyber attacks, and interrogated their Zero Trust stance.
A total of 372 responses were captured, with 65% of respondents being at executive and middle management level, and working in a range of major industry sectors. Some 37% of respondents came from the IT sector, 13% came from the financial services sector and 10% from public sector.
Here are the key findings:
1. 29% of respondents said they were making good progress on their digital transformation strategy. 21% said the route was planned and the journey has begun, while 19% said they’d successfully transformed into a digital entity. 10% are partly there, but have experienced some hitches. Surprisingly, 14% don’t have a digital strategy and 6% are still trying to get buy-in from the powers that be.
2. Almost half of respondents (48%) said that their organisation didn’t have a Digital Officer (DO), and their digital strategy wasn’t aligned to their corporate governance methodology. 46% have a DO and have aligned their digital strategy with their corporate governance methodology. The remaining 6% have a DO but their strategy isn’t aligned.
3. Close on half of respondents (44%) have a unified security transformation strategy for their digital journey. 28% say they’re adding appropriate security to each individual project, while 15% say they don’t have enough budget.
4. 65% of respondents have carried out an internal risk assessment on their transformation strategy, while 35% haven’t done so.
5. Asked how the COVID lockdown and the need to get employees working remotely has affected the pace of transformation, 42% said it had accelerated digital transformation, 37% said their plans weren’t derailed, and 21% said projects had been put on hold to focus on remote working.
6. Globally, the Information Systems Security Association reported a 63% increase in cyberattacks related to the pandemic in 2020.* 48% of respondents reported no noticeable increase, 25% said there’d been an increase, but not on such a massive scale. 12% said a 63% increase in threats sounded about right.
7. Asked to describe their approach to cyber security, 23% said it was a little haphazard, driven by cost. 31% use point products where necessary. And 46% have a structured strategic approach.
8. Only 10% of respondents said they were confident that their systems could withstand cyberattacks. Almost half (43%) of respondents said they were doing what they can and managing to stay on top of cyberattacks, 36% say they test regularly and are happy with the results and 12% say they aren’t confident at all.
9. The top three types of attacks experienced over the past year are social engineering (27%), malicious websites (23%) and ransomware attacks (16%). Some 46% of respondents said that no incidents had been detected.
10. The main causes of weaknesses in their systems were ranked as: not having enough money to throw at the problem (36%), employees not taking the risks seriously (35%) and concern about attacks coming through the less secure systems of the companies they connect to (31%).
11. 40% of respondents believe their cloud-based data and applications are more secure than on-prem, while 47% say it depends on which provider they’re with, as security standards vary.
12. 38% of respondents secure cloud-based data and apps through cloud native tools offered by the cloud platform. 34% use third party tools and 28% say the cloud service provider is responsible for it.
13. Almost half (47%) of respondents say users see a Zero Trust approach as necessary, while 36% aren’t sure the extra protection justified the inconvenience. 19% say users resent it and 13% say some users have found a way around it.
14. Half of respondents manage their IT security in-house, while 40% run a hybrid of in-house and outsourced IT security.