Acasă » General Interest » Digitalization » The rapid transition to remote work forced organizations to bypass cybersecurity processes (EY study)

The rapid transition to remote work forced organizations to bypass cybersecurity processes (EY study)

18 August 2021

The health crisis caused by the Covid-19 pandemic has accelerated the implementation of remote work and opened new security breaches. 81% of decision-makers consulted by EY say that their organizations have bypassed cybersecurity processes to facilitate the implementation of new remote and flexible working requirements.

Although the need for companies to defend themselves against cyber-attacks has increased, budgets dedicated to the cybersecurity area have not kept pace, according to the EY Global Information Security Survey 2021 (GISS) report. “The adoption of new work practices in the context of the pandemic has exposed companies to more and more sophisticated cyber-attacks and brought to the forefront the underfunding of cyber defenses,” EY experts explain. Thus, although the number of cyber-attacks has intensified following the pandemic, cybersecurity budgets have remained the same low compared to total information technology spending, according to GISS.

“Although respondents’ organizations recorded average revenues of $ 11 billion in the last fiscal year, the average value of cybersecurity spending was only $ 5.28 million.”

The situation in Romania is similar to the situation globally, according to Cristian Zaharia, manager, forensic technologies and discovery services at EY Romania, quoted by According to him, the major investments in the last 10 years, which were made in the IT area of Romania, led to a standardization of working practices and procedures in the area of cyber security specific to those in Western Europe and the USA. “Antivirus solutions remain the most widely used means of protection, but this has proved insufficient if it does not complement other solutions,” said Cristian Zaharia.

The GISS 2021 report was based on responses from more than 1,000 leaders in cybersecurity (Chief Information Security Officer – CISOs) from players around the world, and nearly four in ten respondents – or 38% – say their organization’s budget is below the level needed to manage the new challenges that have arisen in the last 12 months.

Three challenges for cybersecurity officers

Underfunding cybersecurity “Cybersecurity spending is not properly integrated into the cost of strategic investments, such as transforming the IT supply chain. At the same time, more ore than a third (36%) say it is only a matter of time until they suffer a major breach that could have been avoided had there been more appropriate investment in cybersecurity defenses.”

Regulatory fragmentation The global compliance environment is becoming more complex, with jurisdictions operating at regional and national levels worldwide. Organizations in certain sectors – notably financial services and energy – must also manage industry-specific regulation. Regulation is claiming time that CISOs do not have to give. One in two (49%) warns that ensuring compliance can be the most stressful part of their job. Six in 10 (57%) predict that regulation will become more heterogenous, time-consuming and – some might say – chaotic in the years to come.

There has been a fundamental shift in how CISOs regard compliance, which has worrying implications for their relationship with the regulator. At the time of last year’s GISS, CISOs were still positive about the role of compliance. This year, they recognize that compliance has shifted. It has become so fragmented and complex that it’s now a distraction.

Furthermore, CISOs are less confident this year that regulation is supportive of improved cybersecurity standards in organizations.

Isolated and ignored According to the GISS report, the relationship between cybersecurity leaders and those who hold important positions within the organization lacks positivity and strength, so that about 41% of respondents describe their relationship with the marketing function as negative, up from 36% who said the same a year ago. At the same time, 28% say their relationship with business owners is poor, compared to 23% a year ago.

As a result, compared to 2020, when more than a third of respondents (36%) were confident that cybersecurity teams were being consulted at the planning stage of new business initiatives, the share fell to 19% in 2021. True, on the other hand, that the deep trend is for cybersecurity to be more present in most business stages: design – 35%, compared to 27%, build – 14%, compared to 9%, test – 7%, compared to 5%, deployment – 13%, compared to 7%, run – 7%, compared to 3%.

Leave a Reply

Your email address will not be published. Required fields are marked *