More than half (53%) of organisations report that cyber-security threats are their number one concern, more so than financial and operational risks, a report from trust management platform Vanta found. Yet, on average, just 11% of companies’ IT budgets are currently dedicated to security, which could leave organisations exposed.

Report Findings Explained

Vanta’s recent State of the Trust Report surveyed 2,500 IT and business leaders across the UK, US and Australia to uncover the complex threats preventing organisations from building consumer trust. According to the report, 55% of organisations think the risks they face have never been higher, and 53% say that cyber-security threats are their number one concern. Other findings included the following:

• Fifty per cent of organisations reported detecting and responding to cyber-security threats at least once a week.
• Forty-six per cent of organisations reported that one of their vendors had experienced a data breach since they began working together.
• Fifty-one per cent of organisations reported being concerned about the risks that artificial intelligence (AI) poses to their security.
• Sixty-five per cent of organisations reported that customers, suppliers and investors now require more proof of security compliance.

Despite these concerning statistics, organisations aren’t investing sufficiently in cyber-security, according to Vanta. In fact, on average, only 11% of companies’ IT budgets are earmarked for cyber-security; in an ideal world, this would be 17%. Compounding the problem, 11% of organisations have decreased their investment in hiring cyber-security staff due to budget constraints and talent shortages.

Vanta asserted that AI could be the key to unlocking IT security team efficiencies. For instance, organisations spend six hours per working week on vendor security reviews. AI could streamline vendor risk reviews and eliminate other manual tasks. However, the need for AI governance to ensure compliance with data collection regulations remains imperative. Only 36% of organisations are in the process of putting a company AI policy in place despite the increased use of AI tools.

Next Steps

According to Vanta, outdated processes and legacy solutions relying on manual updates are leaving organisations with insufficient visibility into their security posture. To keep pace with evolving threats and to maintain consumer trust, organisations must “go beyond the standard way of doing things.” Organisations can strengthen their security posture in the wake of evolving threats by automating key workflows, adopting a zero-trust security model, and ensuring continuous monitoring of security and compliance.

In addition, cyber-insurance can help financially protect organisations from the devastating consequences of evolving cyber-threats. Contact us today for additional guidance and insurance solutions.