The “Hiscox Cyber Readiness Report 2018,” has been published and one of the major findings is that seven out of ten organizations fail the cyber readiness test. The Hiscox Cyber Readiness Report is compiled from a survey of more than 4,100 executives, departmental heads, IT managers and other key professionals in the USA, UK, Germany, Spain and The Netherlands.
The report amongst other things measures the cyber readiness of respondents using a multi-dimensional model built on best practice in cyber strategy and execution. The report summarizes its findings by saying, “As an end of term report, it might have the words ‘can do better’ scrawled on it in red ink. It highlights the cyber readiness shortcomings of the majority of the organisations in our sample, particularly the smaller ones.”
The report summarizes, “We measured organisations’ cyber security readiness according to the quality of their strategy (broken down into oversight and resourcing) and execution (processes and technology). From this we produced a cyber readiness model that divided respondents into ‘cyber novices’, ‘cyber intermediates’ and ‘cyber experts’. Nearly three-quarters of organisations (73%) fell into the novice category, suggesting they have some way to go before they are cyber-ready. Only 11% qualified as experts.”
The report goes on to say, “Last year was the moment when major international cyber attacks hit the headlines and affected individuals and companies simultaneously in dozens of countries. High profile victims suffered severe reputational and financial damage, sometimes because they had not taken the threat seriously and done the basics, and sometimes because their handling of the breach revealed deeper corporate failings.”
Public cloud adoption and the more recent move to multi-cloud strategies (i.e., using AWS, Azure and GCP, or some combination thereof) has exacerbated the challenge that companies face when trying to address security, compliance and governance challenges. It seems that the barrage of public stories about misconfigured cloud storage containers leaking sensitive information is weekly. For example, “Misconfigured Amazon Web Services bucket exposes 12,000 social media influencers,” “Alteryx S3 leak leaves 123m American households exposed,” “Verizon Hit by Another Amazon S3 Leak,” and “Massive Amazon S3 leaks highlight user blind spots in enterprise race to the cloud.”
Cyber security isn’t simple, but the report does point out that companies that are more expert at addressing challenges share one common trait, they are proactive. “What sets the cyber experts apart from the cyber novices? Nine out of ten (89%) have a clearly defined cyber strategy, most (72%) are prepared to make changes after a breach and 97% incorporate security training and awareness throughout the workforce,” the report states.
DivvyCloud’s customers all share this same trait. They are proactive, and they use DivvyCloud as part of a clearly defined, policy-driven cyber strategy. For example, using the DivvyCloud software they define and deploy policies that are enforced in real-time across all of their cloud environments. For example, they have deployed DivvyCloud to proactively (and permanently) solve the storage container leaks that have created so many headlines in the last year.