- 34% say their organisation is at risk of security threats due to skills gaps
- Only a third (33%) conducted a cyber security risk assessment in past year
- Increased DDoS attacks (35%), phishing and scam attacks (35%), and employees downloading unapproved apps (33%) listed as main IT security threats
SEPTEMBER 2021: New research from Europe’s leading provider of cloud infrastructure and cloud services, IONOS Cloud, has found that over 40% of IT decision makers (IT DMs) surveyed admit to their business having a cyber security skills gap, with a third (34%) saying this is putting their organisation at risk of security threats. Additionally, four in 10 of those surveyed say they are facing a skills gap in data protection or cloud knowledge and understanding.
Worryingly, a quarter of those surveyed also state that the business they work for isn’t as secure as it needs to be (25%) and that their organisation is not adhering to necessary legislation (25%).
When stating what they feel are the biggest threats to a business’s IT security at this time, respondents said increased DDoS attacks (35%), phishing and scam attacks (35%), employees downloading unapproved apps (33%) and employees not storing data correctly (32%).
The research, which was conducted by Censuswide on behalf of IONOS Cloud, polled 609 IT decision makers. The aim was to better understand the current challenges businesses are facing in the wake of the pandemic, and where cyber security and data protection standards are sitting on business IT priority lists.
While the skills gap is a clear issue, encouragingly, many businesses do in fact recognise the importance of cyber security, with more than three quarters of those asked (76%) saying it is either the top priority (34%) for their business or within the top three (42%).
However, when asked about cyber security risk assessments, there was a real disparity in responses. Remarkably, only one third of those surveyed have conducted one in the past 12 months. A further 16% have conducted one more than five years ago and have no plans to do one in the future, and 12% have never conducted one and don’t plan to. These findings demonstrate a lack of understanding regarding the importance of risk monitoring – which can often highlight new security issues teams may not be aware of.
“What’s clear from the new insights is that businesses understand the importance of both cyber security and data protection, but missing skillsets are leaving organisations extremely vulnerable. That’s why it’s vital companies put measures in place to plug these gaps, and don’t hesitate to work with external expertise to ensure businesses are protected,” commented Achim Weiss, CEO of IONOS.
Weiss added: “When it comes to withstanding a cyber-attack, fortunately the pandemic has put this front of mind. Eight in 10 businesses say they feel prepared to handle one, despite any skills gaps they have, with the main reasoning being greater investment in secure cloud services (37%). While internal procedures like staff training are an important step in preventing attacks, seeking external support and services and working with designated providers can provide an extra layer of defence and much needed peace of mind.”
In addition, almost six in 10 businesses (58%) surveyed say they are putting more focus on adhering to data protection compared to before the pandemic. However, 13% are actually giving it less attention, with almost half (48%) selecting the main reason as time pressures and job workload meaning insufficient time to ensure the business is up-to-date with the latest protection legislation.
With the Information Commissioner’s Office setting significant monetary fines for breaches to GDPR law, businesses must ensure they are fully aware of compliance procedures and the latest legislative requirements to follow when handling personal data.
“When it comes to data protection, action must be taken to bridge knowledge gaps. IT teams are under great pressure to adhere to the latest legislation, but one way to help minimise risk when it comes to data is to work with European-based cloud providers that adhere to GDPR – rather than those that must also work under laws such as the US CLOUD act” Weiss concluded.
For more information on IONOS Cloud, visit: https://cloud.ionos.co.uk/