New Report from CA Veracode Reveals Business Leaders Only Address Cybersecurity Under Duress
December 11 2017 - 7:01PM
Veracode, Inc., a leader in securing the world’s software, and
acquired by CA Technologies (NASDAQ:CA), today released new
research revealing the widening gap between software creation and
software security, with the rush to innovate outpacing the urgency
to secure the process.
The “Securing the Digital Economy” report highlights how
investment in software and digital transformation is rapidly
accelerating, with around one in five business leaders indicating
that their software budget had increased 50 percent or more over
the past three years to support digital transformation projects.
However, the increased software development investment has not
translated to greater security budgets or awareness of the security
risks insecure software introduces: only 50 percent of business
leaders surveyed understand the risk that vulnerable software poses
to their business.
The report indicates that 25 percent of all business leaders
surveyed in Britain and US report that they do not understand any
of these common cybersecurity threats:
- Vulnerable software
- Ransomware
- Vulnerable open source components
- Phishing attacks
- Malicious employee activity
- DDoS attacks
Business Leaders Not Aware of High-Profile
Cyberattacks
The lack of understanding around cyber risk may be attributed in
part to a lack of awareness of successful cyberattacks and their
causes. Because business leaders are unaware of either the breaches
themselves or the underlying causes, they are not compelled to
learn about or defend against similar threats their company could
face. For example:
- Despite being highly publicized and causing several high-level
executives to lose their jobs and the ex-CEO being forced to
testify to Congress, only five percent of all business leaders
surveyed indicated the Equifax breach prompted them to rethink
their current business’s approach to cybersecurity
security;
- Only one-third of business leaders surveyed had heard of the
global WannaCry ransomware attack, although awareness was greater
among British business leaders at 40 percent. Just one in 10
reported it led them to rethink their approach to
cybersecurity;
- Fifteen percent of business leaders surveyed in Britain and 19
percent of German business leaders had not heard of any of the
high-profile cyberattacks listed in the survey (full list can be
found in this chart); while just under half of all US, GB and
German respondents reported cyberattacks have not led their current
business to rethink or update their cybersecurity approach.
We are seeing some shift in awareness, of the 33 percent who
indicated that a cyberattack on another company had led their
business to rethink its approach to cybersecurity, many have either
taken steps to improve their software security or plan to over the
next 12 months.
More than one-third (34 percent) have or will over the next 12
months start scanning or already more regularly scan for
vulnerabilities in software; while one-fifth either have or will
set security thresholds for software built by third-party providers
and for all commercial out-of-the-box applications (22 percent and
20 percent, respectively).
While there may be some shift in awareness, not all business
leaders have woken up to the risks of the evolving cyber threat
landscape. One-third of business leaders surveyed revealed that
they plan to take no new steps to improve their organizations’
overall cybersecurity in the next 12 months.
Chris Wysopal, CTO, CA Veracode commented: “Digital
transformation presents both massive opportunity to innovate and
significant security risks, with 77 percent of applications having
at least one vulnerability when first scanned, which could be
exploited to inject ransomware or steal data.
Many business leaders have yet to fully grasp the most common
cyber threats to their business, nor are they keeping up with some
of the most catastrophic cyber events of our time. We need to
bridge this disconnect between business leaders and the
cybersecurity threat: without greater awareness of the threats and
what is needed to defend against them, their company could easily
be the next headline.”
Executives Will Act When You Talk About the Personal
Risk
While high profile breaches do not in themselves prompt great
change in behavior, when confronted with the possibility of
personal accountability in the event of a breach, executives are
more likely to take action. More than a third of the business
leaders surveyed said the personal risk to executives outstripped
compliance as a driver for board members.
Articulating the potential brand damage for senior executives
from a data breach and the risk to their job security was
recommended by 38 percent and 35 percent of business leaders
surveyed, respectively, as a way to engage a board on
cybersecurity, compared to just 29 percent who suggested that
highlighting the potential fines of data protection regulations,
like GDPR.
To download the Securing the Digital Economy report, click here.
To view the report infographic, click here.
MethodologyCA Veracode commissioned YouGov to
survey 1,403 business leaders across Britain (653), the US (506)
and Germany (244) about their company’s digital transformation
initiatives and understanding of cybersecurity. The polling was
conducted online over a nine-day period between September 25 and
October 4, 2017.
About CA VeracodeVeracode, CA Technologies
application security business, is a leader in helping organizations
secure the software that powers their world. Veracode’s SaaS
platform and integrated solutions help security teams and software
developers find and fix security-related defects at all points in
the software development lifecycle, before they can be exploited by
hackers. Our complete set of offerings help customers reduce the
risk of data breaches, increase the speed of secure software
delivery, meet compliance requirements, and cost effectively secure
their software assets- whether that’s software they make, buy or
sell.Veracode serves over a thousand customers across a wide range
of industries, including nearly one-third of the Fortune 100, three
of the top four U.S. commercial banks and more than 20 of Forbes’
100 Most Valuable Brands. Learn more at www.veracode.com, on
the Veracode blog, on Twitter and in the CA Veracode
Community.
Legal noticeCopyright © 2017 Veracode, Inc. All
rights reserved. All other brand names, product names, or
trademarks belong to their respective holders.
Media Contact:Laura
PaineVeracodelpaine@veracode.comPhone: 339-674-1535
Megan GrastyHighwire for Veracode
(U.S.)megan@highwirepr.comPhone: 415-963-4174 ext. 26
Kate BaldwinHotwire for Veracode (UK &
EMEA)Kate.Baldwin@hotwireglobal.comPhone: +44 (0) 207 608 4677
Xtrackers California Mun... (NASDAQ:CA)
Historical Stock Chart
From Aug 2024 to Sep 2024
Xtrackers California Mun... (NASDAQ:CA)
Historical Stock Chart
From Sep 2023 to Sep 2024