Over the past three years, the acceleration of ransomware damage has generated an awareness of cyber issues. Yet, in this cyber domain, the majority of companies of all sizes remain "designed to fail" and citizens are disarmed. There is still time to start a cyber revolution. It is indispensable.
Awareness is growing, but the cyber debt is inexorably increasing.
In large companies, the awareness of leaders is accelerating. This is evidenced by reports from the World Economic Forum (WEF) and the increase in cyber budgets, which now represent 15% of the IT budgets of large companies (Accenture). Many executives have understood that these investments must be accelerated. But due to the lack of adapted solutions, especially financial ones, this acceleration does not yet affect all companies (such as our SME network, which employs 6.3 million people), nor local authorities (sometimes affected twice by ransomware, as in Annecy, one year apart) nor associations.
For companies, the attention of the boards of directors is also growing. This is evidenced by the successive publications of institutions aimed at them. Like, in 2016, the French Institute of Directors (IFA) and KPMG on the role of audit committees. In April 2020, the Internet Security Alliance, ecoDa (European confederation of directors association) and insurer AIG published a guide for the supervision of cyber risk by directors. By doing so, the topic has evolved from one audit topic among many to a full-fledged corporate risk. In March 2021, the World Economic Forum, the National Association of Corporate Directors - NACD (USA), the Internet Security Alliance and PwC published the Principles of Board Governance of Cyber Risk. This guide reinforces the central role of cyber in the company's strategy, including competitive differentiation, for its products. It also states that 60.5% of NACD members said that cyber is an important area for improvement over the next 12 months.
Yet every day, and in virtually every project, companies are adding stones to their digital backpacks. That cyber debt is growing to the point where it can't move in the event of an attack. An easy target. Because 79% of digital transformation projects do not include cyber at the right level (Accenture). Situation worsened with projects driven by the arrival of Covid. In every project with a dose of digital, whether it is conducted internally or entrusted to a partner. Unintentionally, each day that passes, a more difficult situation is created for tomorrow.