10/29/2024 | Press release | Archived content
The 'Cybersecurity Headaches' research project provides an insight into what keeps IT managers in six different sectors awake at night. Research agency Motivaction surveyed a total of 456 IT managers from various sectors on KPN's behalf.
However, concerns vary from one sector to another. The main 'headaches' for six different sectors follow below.
The healthcare and welfare sector is most concerned about digital security. Its main concerns include the theft of sensitive patient data, followed by the (partial) shutdown of the organization, reputational damage and social impact. Compared to other sectors, this sector is relatively most concerned about digital security (cybersecurity), and considers itself to be least prepared for a cyber threat. For example, the sector is less aware of the consequences of various cyber risks and of the status of digital security in the organization.
The financial sector is very concerned about cybersecurity in general and about the reputational damage arising from a cyber attack in particular. However, financial organizations do seem to be well informed about cyber risks. According to almost all of this sector's respondents, employees know what to do in the event of an attack. However, the sector relatively often feels that the investment required is too high compared to the risks. It is also of note that IT decision makers in the financial services sector are relatively well aware of the risks of cloud services and working partly or fully from home, among other things. The major challenges for this sector are the (rapid) emergence of new technologies and the presence of older systems (legacy software).
This sector is the least concerned about cybersecurity and considers itself well prepared relatively often. The government is most concerned about the theft of sensitive personal data. Concerns about the social impact of a cyber attack and non-compliance with laws and regulations are also mentioned frequently. This sector is relatively less concerned about digital security (cybersecurity) and considers itself the most well prepared for a cyber threat compared to other sectors. In general, the sector has a good insight into cyber risks and their (potentially major) consequences for the organization. Major challenges for the sector are a lack of knowledge and qualified staff and also the presence of older systems (legacy software).
The main concern in this sector is the interruption to business processes, followed by the theft of business information and financial damage. Respondents' level of concern about digital security (cybersecurity) is relatively average, and how prepared they consider themselves to be is also about average compared to the other sectors. Although the industry sector believes it has a reasonably good insight into cybersecurity, it seems to be underestimating a number of risks. For example, the sector relatively often lacks an integral cybersecurity policy and respondents think that the sector is not of interest to cybercriminals, etc.
The main concern in this sector is the financial damage from cyber attacks, followed by the interruption of business activities and the temporary unavailability of webshops and websites. The vast majority of respondents in this sector feel that they are reasonably well prepared or even well-prepared or fully prepared for a cyber threat. However, a majority did say that other things are often prioritized over cybersecurity. Respondents in this sector are also facing a number of challenges, e.g. the complexity of the IT landscape and the need to attract and retain cybersecurity knowledge.
Like the retail sector, respondents in the transport and logistics sector are most concerned about financial damage, followed by a company shutdown and the theft of sensitive personal data. Compared to other sectors, respondents in this sector believe they are well prepared or even fully prepared for cyber threats. However, less than a quarter of organizations in this sector have a policy in place for reporting security incidents. Among other things, the sector is also struggling with a lack of knowledge, awareness and qualified cybersecurity employees.
The researchers also looked at the similarities and differences between medium and large organizations. Both groups are particularly concerned about the theft of sensitive personal data. After data theft, medium organizations are most concerned about reputational damage and financial damage. A particular, significant concern for large organizations is the risk of a company shutdown, followed by reputational damage.
Medium organizations say they are confronted with cyber risks less often and they underestimate them more often. They are less concerned about cyber threats and believe they are of less interest to criminals as well. By contrast, large organizations are more aware of the risks and encounter challenges - like a high workload in their IT and cybersecurity departments - more often.
KPN wants to use the insights obtained from this research to further strengthen its role as a security partner in the Netherlands. By gaining a better insight into the specific challenges in each sector, KPN will be able to work with the various organizations on solutions that will more effectively protect them against the increasing threat of cybercrime.
Motivaction carried out the studyon behalf of KPN. A total of 456 IT managers from medium and large organizations were interviewed via an online questionnaire from August 16-26, 2024. Check kpn.com/securityfor more information.