Many companies underprepared for cyber issues – report

An unnervingly large percentage of companies are underprepared when it comes to data protection, according to a new cybersecurity study from international law firm Pillsbury Winthrop Shaw Pittman.

Conducted in partnership with Mergermarket, the survey polled corporate board members, C-level executives and in-house counsels. Among its key findings were:

• While the vast majority of executives in the financial services and telecommunications, media and technology sectors are confident in their existing cybersecurity capabilities, only 34% of respondents in the energy, mining and utilities sector felt the same
• Only 2% of respondents said C-level executives had ultimate responsibility for cybersecurity concerns at their organisations, and one out of six did not have a dedicated in-house cybersecurity response team
• Only 51% of survey respondents had dedicated cyber insurance, and only 47% had a corporate policy in place for responding to ransomware attacks
• Despite the speed and complexity of cybersecurity and data privacy regulation, one in three respondents said they did not have someone on staff actively tracking related legal developments

“More and more companies are handling sensitive data, and some industry experts project global annual losses from cyber threats to reach US$10.5 trillion by 2025,” said Deborah Thoren-Peden, Pillsbury partner and co-leader of cybersecurity, data protection and privacy for the firm. “While many companies feel pretty confident in their current cybersecurity infrastructure, the stakes are simply too high not to scrutinise their cybersecurity programs carefully, especially given the inconsistencies we’ve found through our survey.”