A recent Kaspersky survey has discovered that two-thirds (67 per cent) of industrial organizations do not report cybersecurity incidents to regulators. Though remaining compliant in modern industrial business is a necessity and a driver for investment, there are many factors that influence how companies follow compliance rules.
Kaspersky’s State of Industrial Cybersecurity 2019 report shows that many companies are flouting reporting guidelines – perhaps to avoid regulatory punishments and public disclosure that can harm their reputation. In fact, respondents said that more than half (52 per cent) of incidents lead to a violation of regulatory requirements, while 63 per cent of them consider loss of customer confidence in the event of a breach as a major business concern.
Apart from incident reporting, other survey results show that companies are taking compliance very seriously, with only a fifth (21 per cent) of industrial companies admitting that they do not currently comply with mandatory industry regulations. Crucially, organizations understand that regulatory demands must be met, despite their lack of reporting.
Compliance is the top budget driver in cybersecurity investment strategies for 55 per cent of respondents. However, this focus on procedures may well be leading companies to become complacent over the quality of the cybersecurity solutions and not taking into account the actual threats – only 28 per cent identified the threat landscape as a key budget driver.