A new survey from cybersecurity company Nixu reveals significant security concerns among Northern European organizations. 39% of respondents assess themselves as having poor or deficient cybersecurity maturity. The survey also reveals that supply chain security is growing in importance as a key issue, that the focus on risk management is surprisingly low, and that deep expertise is the quality most valued in service providers. Additionally, cybersecurity budgets are often not optimally spent.
The Nixu Cybersecurity Index measures cybersecurity maturity in Northern European organizations by evaluating four aspects of cybersecurity performance: current state, management, financial investments, and future development plans. In the first survey conducted with this approach, the average score was 67, which is barely satisfactory on the 10–100 scale. The scores are based on self-assessment.
The survey was conducted in September–October 2022. It includes responses from 180 Northern European cybersecurity leaders from various industries and countries, sharing their views on the current and future state of cybersecurity in their organizations.
According to the survey results, security awareness is identified as the most critical cybersecurity capability, and organizations plan to strengthen it in the next 12 months. On the other hand, cybersecurity decision makers assess risk management as a surprisingly uncritical capability. Only 24% stated that risk management is one of the most critical capabilities, and just 21% are planning to strengthen it within the next year. Nevertheless, more than a third of the respondents (38%) say risk management is not well initiated.
“This indicates that cybersecurity has been driven more as a technology item than an integral part of corporate risk management. But the fact is that cybersecurity is all about risk management, and it should be addressed as a business issue,” says Jan Mickos, Business Area Lead, Managed Services, at Nixu.
Supply chain security replacing ransomware as the hottest topic
The role of supply chain security is among the key trends revealed by the survey. Respondents see it as the hottest topic in cybersecurity within the next 12 months, replacing ransomware, which was their leading topic during the last 12 months. A typical supply chain cyberattack can be targeted against one critical service widely used within a specific industry. For instance, the retail sector has already experienced such attacks when payment system providers have been breached.
“It is very difficult to defend against these kinds of attacks, but they are preventable. The real shortcomings and the main responsibility for preventing attacks through the supply chain lie, of course, with the suppliers, mainly the software companies. They need to convince customers that their products both work and are secure. For a long time, we have been able to take this more or less for granted, but it is reasonable that liability issues and guarantees will be given higher priority in IT procurement in the future,” says Jan Mickos.
26% say their cybersecurity budget is not spent in the most effective way. On the other hand, two thirds of the respondents are certain or quite certain that their cybersecurity spending is optimized and appropriate.
Organizations value quality strongly over price when making cybersecurity decisions. A service provider’s deep expertise in cybersecurity was valued highly or extremely highly by 97% of respondents.
Nixu has operated in the cybersecurity field for more than 30 years. In recent decades, the field has evolved and changed significantly. Current geopolitical developments also increase the need for comprehensive security thinking, regardless of industry or geographic location.
“Under such circumstances, any organization benefits from seeking assistance to remain on the safe side and do it effectively. Since there is a global cybersecurity skills shortage, organizations should not compete in who gets to recruit. Instead, the best way to go is to outsource cybersecurity and make skills scale for everyone,” Mickos concludes.
The whole survey report is available here: https://www.nixu.com/nixu_cybersecurity_index_22
Jan Mickos, Business Area Lead, Managed Services
Peter Hellström, Business Unit Lead, Advisory