In recent years, the importance of robust cybersecurity has been illuminated by large-scale data breaches, regulatory guidance, and consumer privacy concerns.
The health care industry has been particularly hard-hit by the cyberattacks, illustrating the cybersecurity challenge in health care.
Considering the growing number of cyber threats and data breaches facing a number of industries, and high public awareness of cybersecurity issues, it was surprising to read the recently released “The Third Annual Study on the Cyber Resilient Organization,” which found the average budget allocated to cyber resilience among surveyed organizations did not increase between 2016 and 2017.
Are companies overly confident in their ability to deal with cyberattacks?
Conducted by Ponemon Institute and sponsored by IBM, a Center for Connected Medicine (CCM) partner, the Cyber Resilient Organization study surveyed 2,800 global security and IT professionals on their organizations’ cyber resilience, an increasingly popular framework for approaching cybersecurity because it aligns threat prevention, detection and response capabilities to manage, mitigate and recover from cyberattacks.
It’s interesting to compare Ponemon’s findings, which were not focused on a specific industry, with results from a CCM survey of health system leaders last year. Released in December 2017, the CCM’s Top of Mind for Top Health Systems 2018 survey found nearly all responding health systems were planning to boost spending on cybersecurity in 2018. Perhaps that’s not unexpected considering the number of high-profile and costly data breaches that have impacted hospitals and health plans in the past few years.
It’s important to note differences between the two surveys. Ponemon’s Cyber Resilient study was global in scale, did not target a particular sector, and looked at data from 2017. The CCM’s Top of Mind 2018 findings were based on a survey of U.S. health IT and health care C-suite leaders on their opinions about top health IT trends for 2018, including cybersecurity.
Still, the two studies tell us something about the complexities surrounding cybersecurity and cyber resilience, and they share several parallel findings: