Close to one in four businesses have admitted that the benefits of adopting innovative new technologies is outweighed by the potential cybersecurity risks that they present.
That is according to a new report published by risk management firm Marsh and Microsoft titled the 2019 Global Cyber Risk Perception Survey based on surveys of more than 1,500 senior business executives.
Half of respondents said that cyber risk never holds their company back from adopting new technology.
However, with data regulations like the General Data Protection Regulation (GDPR) being implemented globally, the cost of suffering a cyberattack is seemingly putting many off of pursuing innovation.
According to the report, cyber risk aversion is particularly present among smaller companies with annual revenues below $100m.
Businesses expressed a high level of concern about the risk posed by connected devices and the Internet of Things. Some 25% of respondents rated the threat of IoT technology as “extremely high”. Cloud computing is viewed also a cause for concern, with 23% stating that it poses an extremely high cyber risk.
Digital products and apps developed in-house were deemed to be a slight risk, with 14% rating it extremely high. Artificial intelligence, robotics and blockchain were deemed less of a risk at 9%, 8% and 6% respectively.
A sign of improving cybersecurity awareness
Despite the negative impact that cyber risk has on innovation at many organisations, the findings do suggest that businesses are beginning to pay more attention to potential cyber risks.
More than in five of those surveyed stated that cyber risk is now their employer’s top concern – an increase of 16% since 2017.
Likewise, 79% said that it was at least a top five concern, up by 17% in the past two years. This makes fear of cyberattacks the most widely noted risk by a considerable margin, ahead of economic uncertainty at 59% and reputational damage at 57%.
According to Gartner, cybersecurity spending is expected to exceed $124bn in 2019 as a result of this increased concern.
Yet, poor cybersecurity practices continue to leave businesses vulnerable. For example, 74% claim to evaluate the potential cyber risk posed by new technology before it is adopted, but only 36% continue to evaluate that risk after adoption.
According to Marsh, this results from businesses struggling to develop the “cybersecurity culture” needed to defend against the constantly evolving threat landscape.
While businesses are aware of cyber threats, it often takes something drastic to cause change. Some 64% said a cyberattack launched against their organisation would be the biggest driver of increase cyber risk spending, for example.
“We are well into the age of cyber risk awareness, yet too many organisations still struggle with creating a strong cybersecurity culture with appropriate levels of governance, prioritisation, management focus, and ownership,” Kevin Richards, global head of cyber risk consulting for Marsh, said.
“In the era of transformational technology and more interconnected supply chains, the cyber risk management practices and mindsets of yesterday no longer suffice and may actually inhibit innovation,” Joram Borenstein, general manager of the Cybersecurity Solutions Group at Microsoft, said.
“It is incumbent upon senior leaders to focus on these issues for the welfare of their organizations, their customers, their employees, and beyond.”