The majority of technology and health care companies view cyber-security as a serious threat to both their data and business continuity, and only one-third are completely confident in the security of their information, according to a survey by Silicon Valley Bank.
The study, based on a survey of 216 executives of technology-based companies, found nearly all (98 percent) companies are maintaining or increasing their cyber-security resources and of those, half are increasing resources devoted to online attacks this year. Resources are most likely to be invested in monitoring, preventative policies, training and staffing rather than in preventative infrastructure, indicating they are planning for when, not if, they are attacked.
Most survey respondents believed cyber-security is a serious threat to both their data and business continuity, with a full 51 percent rating the threat to business interruption as very serious or serious. The threat to data or intellectual property (IP) was viewed as more significant with 60 percent saying it was a very serious or serious threat. Software companies are more likely than those in health care and cleantech or hardware to consider a cyber-attack a serious threat in terms of business interruption (58 percent versus 47 percent and 41 percent, respectively).
Overall, companies expressed confidence in the security of their information, but only 35 percent said they were completely/very confident, while 57 percent were moderately confident. Survey respondents were far less confident about the security measures taken by their critical business partners, including vendors, distributors and customers, with only 16 percent completely/very confident.
"The survey shows us the threat of a cyber-attack is not just hype. A surprising number of technology companies we heard from say the threat to their IP and their business is very serious," Bob Curley, managing director of corporate finance for Silicon Valley Bank, said in a statement. "Companies in the tech sector, particularly software companies, are feeling exposed, and increasingly having to expend resources to manage cyber-attacks, rather than investing in the growth of their business. That's a huge impact on a growing company, and eventually the economy overall."
Most respondents said they still store company information either privately or only partially on the cloud, indicating a lower appetite for using the public cloud–even with security measures in place–to cost-effectively store important company information. While 52 percent said they are storing information privately, nearly half are using the public cloud for at least some of their data.
Software companies were the most aggressive users, with 59 percent using the public cloud for at least some of their data. Early-stage companies are also more likely to embrace the cloud, presumably to lower their costs and achieve efficiencies even at a small scale. For nearly half of executives surveyed, increased media attention to cyber-attacks has changed the tide of opinions on cyber-security and has helped heighten its priority in companies across the board.
"In addition to risks to their intellectual property and business interruption, they may be keenly aware of the mounting customer concern that comes from rising media exposure–which in turn creates even more incentive to beef up cyber-security resources," the report noted.