As a company whose main target audience is the business sector, we are unfortunately often faced with a certain reluctance to invest in IT on the part of the entrepreneurs we deal with. It’s not necessarily about having the latest PC models, but about starting from a basic principle such as computer security. The importance given to this aspect is still limited (as shown by the data reported below), and in most cases the few investments made in this sector come out of scarce budgets; there is therefore a tendency to consider IT security a “cost” and so not to spend on it. Not least, we still have to deal with marginal or even insufficient IT training on the part of corporate IT managers.
We report below on two analyses that address this very topic, namely the predisposition of companies towards cybersecurity.
The first contribution is a study conducted by Cisco, the 2017 Annual Cybersecurity Report, which highlights the economic damage to a company that suffers a cyber attack. Cisco notes that the investment in cybersecurity appears, to the uninitiated, economically excessive, although without such an investment the company faces a twofold disadvantage. First, those who suffer a hacker attack will experience a drop in production; second, the victim will incur higher costs to recover from the attack than the cost of prevention… but is it worth continuing with this skepticism? It is an attitude tantamount to not insuring your car in the hope that everything will go smoothly. To add insult to injury, going back to the numbers in the Cisco report, 22% of the companies that have suffered an IT attack have lost customers because they lost the trust they had built up over time; in the same way, potential new customers are also held back. As for the drop in production mentioned earlier, Cisco found that after a hacker attack, 29% of companies experienced a drop in revenue and 23% lost business opportunities. It certainly seems that the hacker attack is the wake-up call for security investments, which amounts to putting up the burglar alarm only after the thieves have paid us a visit. This is a trend that, according to Cisco, absolutely must change: the situation is already alarming and in the near future can only get worse as the use of Internet of Things objects grows. So we continue our campaign to raise cybersecurity awareness among companies, so that a hacker attack does not result in a subsequent business failure.
The second contribution is by the School of Management of the Politecnico di Milano and focuses specifically on the attitudes of Italian companies towards information security. Every now and then, some good news: awareness of the subject appears to be on the rise, with +5% recorded in 2016 over the previous year. But don’t rest on your laurels! According to the Information Security & Privacy Observatory, the attitude of companies is still inadequate: only 39% of large companies adopt investment plans over a multi-year horizon; 46% include in their staff a specialized figure such as the Chief Information Security Officer; only 15% have taken out insurance against the risk of cyber attacks. This trend is confirmed among SMEs, where very few companies have implemented IT systems capable of dealing with cyber threats in the past year, a figure that is even lower than in 2015. Basically, it seems that in both the large enterprise and SME sectors there is a lack of cybersecurity guidelines, and with the advent of the GDPR these guidelines will have to be the “business” not only of the IT department, but also adopted at the strategic and top-management levels.
Sara Avanzi