Investments in cyber security are mostly driven by regulatory requirements instead of the organizations awareness of the actual and ongoing IT security threats.
According to “Security in the Digital World”, a joint PwC Romania and Microsoft Romania survey launched on Monday, almost 60 percent of the Romanian organizations responding to this survey are planning to increase their cyber security budget in the next financial year (FY), with 20 percent counting on maintaining the current spending level, while 23 percent still don’t not have a clear picture as to their next year’s budget.
With 40 percent of the surveyed local companies not having a formal cyber security strategy, and only 10 percent having reached a maturity level where the strategy is defined, implemented and optimised, the study reveals the fact that information security is not yet fully understood and supported at Board of Directors level.
“Information Security Officer appears not to be heard at Board level unless there is a crisis or a compliance issue – they need more support, including hiring more resources or acquiring security intelligence, as technology is a business wide matter today – information security risks are business wide risks,” Mircea Bozga, Risk Assurance Partner, PwC Romania stated.
While relying mostly on internal existing resources, organizations in Romania responding to this survey need to scale up their information security intelligence. This remains a hallmark of emerging markets, with the more mature organizations from developed economies relying more heavily on external specialized cyber security providers, the survey reads.
As the Romanian companies grow and are confronted with more and more sophisticated cyber threats as well as more stringent regulatory requirements, it is likely that they will address the challenge by engaging specialized IT security providers and exploring the benefits of cloud computing.
In terms of perceived cyber security challenges, 87 percent of respondents declared that they are preoccupied with potential data leaks, 73 percent worry about malware (including ransomware), 70 percent are concerned about potential disruptions in business continuity, with another 70 percent preoccupied to ensure protection against targeted attacks.
“With less than 1 year until enforcement the European Directive for the General Data Protection Regulation (GDPR) is becoming an increasing concern for local organizations. However, the study reveals that very few respondents have already created an execution plan in relation to the provisions of the GDPR”, Oana Terteleac, Digital Sales Incubation Unit Lead Microsoft Romania added.