- The report on Digital Maturity in Cybersecurity, prepared by Minsait and SIA, shows that 90% of companies do not have professionals that specialize in cybersecurity, 82% do not keep updated records of digital assets to be protected, 73% have not implemented awareness-raising mechanisms for employees, and only 55% have a Cybersecurity Operations Center to detect and respond to a cyberattack
- All this makes it essential to have the support of specialized partners who can provide a comprehensive vision of the challenges posed by a hyper-specialized and ever-changing sector
- The evolution of culture and the improvement of processes are critical elements: social engineering is behind 90% of attacks and phishing has skyrocketed 6,000% during the pandemic
- In contrast to this trend, companies in the Banking, Telecommunications & Media, and Insurance & Energy industries stand out for their high stage of completion, investment in new technologies and search for innovative responses to cybersecurity challenges
The maturity of cybersecurity has divided the business world into two clearly differentiated and distant groups. 56% of companies lack a well-defined cybersecurity strategy and are far from complying with the Digitally Secure Organization model. And this threatens their sustainability and future in the digital age, in which teleworking heightens the risk and e-commerce is growing exponentially.
Additionally, 73% of companies do not have the necessary incentive, training and communication mechanisms for their professionals to facilitate the required changes in their organization in terms of cybersecurity. And 90% of companies have not incorporated professionals that specialize in cybersecurity.
All of this makes it essential to have the support of specialized partners who offer a comprehensive vision of the challenges posed by a hyper-specialized and ever-changing sector.
This need becomes even more apparent if we consider that only 22% have implemented centralized identity management, a very important measure at a time when digital identity and password theft are two of the main attack vectors. The companies’ lack of protection also becomes evident in the fact that only 55% of organizations rely on a Cybersecurity Operations Center, which is essential to detect attacks and be able to respond.
These are some of the facts revealed in the 2020-21 Report on Digital Maturity in Spain, focused on Cybersecurity and prepared by the Indra companies Minsait and SIA, and based on personal interviews with the heads of a hundred large companies and organizations in Spain and Europe, as well as with some of the leading cybersecurity experts.
This situation proves more serious if we consider that 90% of cyber-attacks use some social engineering technique to break the first line of defence of companies and that, during the pandemic, phishing attacks have skyrocketed by 6,000%.
Underlying these facts is a problem of lack of strategic vision. In this regard, Luis Álvarez, CEO of SIA, states that “half of the companies have not yet incorporated cybersecurity into their agendas and merely deal with it tactically, focusing on the acquisition of tools and disregarding crucial aspects such as culture, processes and people.”
Companies should consider cybersecurity as part of their governance policy. But this situation is far from being achieved: 68% still have no CISO (Chief Information Security Officer), the executive responsible for information security and its alignment with the business goals.
This means that 82% of companies do not keep up-to-date records of digital assets that need protection, and 90% do not use the most advanced cybersecurity techniques, two essential aspects to guarantee full protection, a fact which highlights the remaining room for improvement.
However, and contrary to this trend, the Minsait and SIA report highlights that companies in the Banking, Telecommunications & Media, and Insurance & Energy industries stand out for their high stage of completion, investment in new technologies and search for innovative responses to cybersecurity challenges. The most evolved companies have articulated a long-term vision and are committed to cybersecurity as a cornerstone for the growth and sustainability of their business. Moreover, they have turned this factor into a lever for improving their digital services.
The report on Digital Maturity in Cybersecurity shows that companies are aware of the challenge they face, and have made a significant effort in the last year, which deserves recognition. However, the dynamism of cyber threats and the difficulties involved in their comprehensive management within the entire security chain (which requires a multidisciplinary approach) are two of the major obstacles that are holding back progress. Their success relies on the protection needed to grow and do business online in the years to come.
In the more than 400 pages of the report, SIA's cybersecurity experts review the best practices and measures for protecting a company, and provide a road map that includes identifying risks, implementing actions for protection, determining a strategy to detect attacks, having specialists to be able to respond effectively, and ensuring recovery capabilities.
About Minsait
Minsait, an Indra company (www.minsait.com), is a leading firm in Digital Transformation Consultancy and Information Technologies in Spain and Latin America. Minsait possesses a high degree of specialization and knowledge of the sector, which it backs up with its high capability to integrate the core world with the digital world, its leadership in innovation and digital transformation, and its flexibility. Thus, it focuses its offering on high-impact value propositions, based on end-to-end solutions, with a remarkable degree of segmentation, which enables it to achieve tangible impacts for its customers in each industry with a transformational focus. Its capabilities and leadership are demonstrated in its product range, under the brand Onesait, and its across-the-board range of services.
About SIA
SIA is the Indra company leading the cybersecurity sector in Spain and Portugal, both in terms of turnover and expert talent, with more than 1,200 specialists. Its value proposition is based on the specific responses it offers organizations to meet the challenges and threats posed by the four forces of digitalization: regulatory pressure, connected infrastructures, the transformation of IT architectures and the growing digital interaction of people; responses articulated through a set of specific measures and plans to minimize risk and maximize the protection of their businesses.
A member of the Indra Group, one of the leading global technology and consultancy companies with business operations in 140 countries, it provides SIA with a profound knowledge of the sector as well as a solid worldwide presence. Further information at: www.sia.es
About Indra
Indra (www.indracompany.com) is one of the leading global technology and consulting companies and the technological partner for core business operations of its customers world-wide. It is a world-leader in providing proprietary solutions in specific segments in Transport and Defence markets, and a leading firm in Digital Transformation Consultancy and Information Technologies in Spain and Latin America through its affiliate Minsait. Its business model is based on a comprehensive range of proprietary products, with a high-value focus and with a high innovation component. In the 2020 financial year, Indra achieved revenue of €3.043 billion, with around 48,000 employees, a local presence in 46 countries and business operations in over 140 countries.