According to this year’s Hidden Statistics report carried out by The Norwegian Business and Industry Security Council (NSR), 59% of the companies that have been victimised of cyberattacks in 2019 identified the incident by chance and not as a result of well-established routines, policies and security frameworks. Here are some of the key findings from the report.
The Hidden Statistics report (Mørketallsrapporten – link in Norwegian) is the 12th survey on the digital security situation in Norwegian business and some public enterprises. The report is used by the Norwegian government when deciding upon the strategy for the prevention of cybersecurity the following year, and we are proud to take part in this important work as a sponsor and contributor for the last three years.
Also read: Empowerment to increase security.
59% of the companies that have been victimised of cyberattacks, identified the incident by chance
The findings from the report show that a high number of Norwegian companies claim that they have not been victimised by security incident attempts in the year 2019. This is alarming to us as our data indicate that all internet exposed services including servers, VPNs, shopping platforms, routers, IoT devices, and so on, are highly exposed and challenged by cybercrime attackers on a daily basis:
“Our internal research that has been shared on several conferences conclude that all internet exposed services encounter approximately 6-8 attacks every month that is sufficiently serious/advanced to mandate an investigation/police reporting.
When you reflect on the number (91% of respondents are not aware of such attacks) that speaks volumes of the need for awareness in this field. This lack of awareness combined with the lack of reporting also gives a secondary effect on lack of funding to combat such crime from law enforcement,” says Espen Agnalt Johansen, Director of Product Security at Visma.
Other alarming findings is that 59% of the companies that have been victimised of cyberattacks, identified the incident by chance and not as a result of well-established routines, policies, and security frameworks. This is despite the fact that seven out of ten organisations say that they have a framework or management system for information security.
When it comes to how the security breach was discovered, just as many respondents states they identified it by coincidence as those that say they identified it after a routinely internal security monitoring.
Among those who have a framework, 47% discovered incidents during the routine monitoring, compared to 35% among other businesses. At the same time, 59% of those who do not have a framework states that the incidents were discovered by chance, compared to 38% among those who have a framework for information security.
The fact that 50% of the companies blame “human error” and 39% blame the lack of security awareness within the organisation, make things even worse.
After the new privacy regulations were introduced in July 2018, 84% of the companies in the survey say they have made changes and / or improvements in their privacy and information security work. Furthermore, 10% has experienced breaches of personal data security during the last year. Of these, 34% have reported these breaches to the Norwegian Data Protection Authority.
Also, over the past year, 77% of the companies have completed activities that increase employee awareness of safety. However, based on these results, there still seems to be an obvious need for better security measures, awareness, and strategy in Norwegian companies.
Prioritising security at a top-level
At Visma, we have a high goal of establishing a strong security culture among our employees. We are very happy to know that 77% of all companies that participated in The Hidden Statistic reports survey, have worked on improving their security awareness.
For us, security must be prioritised at a top-level–this is required by all parts of our complex organisation. We do this to ensure that our customers’ data, our own data, and our own infrastructure is top-notch. This is a basic requirement for our business and services and this is, and will continue to be, one of our highest concerns.
One of our current initiatives is, therefore, to establish a strong security awareness culture. We strive to educate and create awareness among all our customers and users as well as internally.
Although to be well-educated within Visma is a goal in itself, our long-term goal is that all employees of Visma should be able to deliver the valuable message of cybersecurity–all the way to the end-user.
Considering our size and growth, this is a socially responsible work that we want to contribute to the industry and markets that we are present in.