Fears of cyber threats delaying digital transformation: Microsoft study
Microsoft and Frost & Sullivan Study reveals that:
•Digital transformation has been delayed due to fears of cyber-risks
•Organisations can respond to just 56% of all security alerts on any given day, owing to capacity restraints
•Cybersecurity attacks have led to job losses in half (50%) of organisations surveyed over the last year
AUCKLAND, 19 JULY 2018 – A Frost & Sullivan study commissioned by Microsoft reveals that New Zealand organisations are currently ill-equipped to meet the
challenge of rising cyber threats, and greater investment in cloud, AI and other cybersecurity tools as well as a focus
on training new cyber security experts, are required to prepare us for digital transformation.
The study, titled “Understanding the Cybersecurity Threat Landscape in Asia Pacific: Securing the Modern Enterprise in a
Digital World”, aims to provide business and IT decision makers with insights on the economic cost of cybersecurity
breaches in the region and identify the gaps in organisations’ cybersecurity strategies.
The study reveals that more than half of the organisations surveyed in New Zealand have either experienced a
cybersecurity incident (36%) or are not sure if they had one as they have not performed proper forensics or data breach
assessment (16%).
However, cybersecurity attacks resulted in job losses in half (50%) of the organisations that have experienced an
incident over the last 12 months.
“As companies embrace the opportunities presented by cloud and mobile computing to connect with customers and optimize
operations, they take on new risks,” says Russell Craig, National Technology Officer, Microsoft New Zealand
“With traditional IT boundaries disappearing the adversaries now have many new targets to attack. Companies face the
risk of significant financial loss, damage to customer satisfaction and market reputation—as has been made all too clear
by recent high-profile breaches.”
In addition to financial losses, cybersecurity incidents are also undermining New Zealand organisations’ ability to
capture future opportunities in today’s digital economy, with 43% of respondents stating that their enterprise has put
off digital transformation efforts due to the fear of cyber-risks.
Besides external threats, the research also revealed key gaps in organisations’ cybersecurity approach, including
treating security as an afterthought and using an unnecessarily complex array of security solutions. Despite
encountering a cyberattack, only 19% of organisations consider cybersecurity before the start of a digital
transformation project. This limits their ability to conceptualise and deliver a “secure-by-design” project, potentially
leading to insecure products going out into the market.
Meanwhile, having a large number of security solutions does not equate to a safer enterprise. Organisationswith more
security solutions (between 26-50) encountered almost the same occurrence of security incidents (33%), compared to
organisations with less than 10 solutions (37%). It’s best to reduce the number of tools and complexity of operations so
operators can become more proficient with the tools they have.
Encouragingly, the study does reveal that almost two out of three (65%) organisations in New Zealand have either adopted
or are looking to adopt an AI approach towards boosting cybersecurity. AI’s ability to rapidly analyse and respond to
unprecedented quantities of data is becoming indispensable in a world where cyberattacks’ frequency, scale and
sophistication continue to increase. At present just 56% of security alerts can be addressed on any given day, according
to the study.
An AI-driven cybersecurity architecture will also grant companies with the capabilities to accomplish tasks, such as
identifying cyberattacks, removal of persistent threats and fixing bugs, faster than any human could, making it an
increasingly vital element of any organisation’s cybersecurity strategy.
“Utilising AI-enabled security tools can significantly reduce risk,” says Russell Craig. “Ever more advanced tools scan
incoming mail for threats and filter these out before they even reach our inboxes. Of course, it’s impossible to
entirely prevent malicious hacking, human error or other sources of cyber risk, but the effectiveness of these tools
continually improves, thanks to the vast scale of cyber threat data that can be gathered via the public cloud and
translated into insights using data analytics.”
Key recommendations from the study include:
•Continue to invest in strengthening your security fundamentals: Over 90% of cyber incidents can be averted by maintaining the most basic best practices. Maintain strong passwords, use
multi-factor authentication and keep device operating systems, software and anti-malware protection up-to-date;
•Assessment, review and continuous compliance: Assessments and reviews should be conducted regularly to test for potential gaps. Keep tabs on not just compliance to
industry regulations but also how the organisation is progressing against security best practices; and
•Leverage AI and automation to increase capabilities and capacity: With security capabilities in short supply, organisations need to look to automation and AI to improve the capabilities
and capacity of their security operations.
END