However, Sikich said a majority of executives are confident they can prevent or minimize these problems. Fifty-four percent of those surveyed were extremely or very confident of their ability to handle these situations while the figure rose to 74 percent for larger companies. For organizations with less than $500 million in revenue, only 49 percent had the same optimism.
”This disparity may be due to great spending on cybersecurity by these companies,” the report concluded.
The report defines larger companies as those with more than $500 million in annual revenue while smaller companies fall below that threshold.
Sikich believes having a single person having sole or primary responsibilty for cyber security is a better than having it be one among several responsibilities. That practice “can ensure that cybersecurity receives the concentrated attention that it demands,” the firm noted. Sikich conceded this practice can prove difficult at mid-market companies with smaller IT practices. “In these companies, where resources aren’t readily available, it may make more sense to look at outsourcing the entire cybersecurity program,” the authors recommended.
However, responsibility for managing cybersecurity is not centralized at most companies. Among larger companies, only 45 percent report a single executive is responsible for managing area as their sole or primary responsibility and that plunged to 14 percent among small companies.
Sikich also asked respondents how they sell and deliver products. Forty-nine percent of companies use e-commerce. But of that group, many felt e-commerce has not lived up to their expectations.
Thirty-nine percent said ecommerce sales had exceeded expectations, 37 percent said those sales fell short. Larger companies were more disappointed with 56 percent saying ecommerce sales lagged expectations and only 30 percent said they exceeded them.