RCS - Crossword Cybersec - Q2 2022 Research Release

Crossword CybersecurityAnnouncement

24/05/2022 07:16

For best results when printing this announcement, please click on link below:
http://newsfile.refinitiv.com/getnewsfile/v1/story?guid=urn:newsml:reuters.com:20220524:nRSX4882Ma&default-theme=true

RNS Number : 4882M  Crossword Cybersecurity PLC  24 May 2022

Crossword Cybersecurity Plc research reveals 40 per cent of companies believe
their cyber strategy will be outdated in under two years

A perfect storm of escalating cyber-attacks and global tech innovation, leaves
61 per cent of Chief Information Security Officers (CISO) only "fairly
confident" of managing their current threat exposure.

 

24 May 2022 - London, UK - Crossword Cybersecurity Plc
(http://www.crosswordcybersecurity.com/) (AIM:CCS, "Crossword", the "Company"
or the "Group"), the cybersecurity solutions company focused on cyber strategy
and risk, has today released a new report based on the findings of a survey of
over 200 CISOs and senior UK cyber security professionals.  Called "Strategy
and collaboration: a better way forward for effective cybersecurity
(https://www.crosswordcybersecurity.com/crossword-report) ", the paper reveals
companies are more concerned and exposed to cyber threats than ever before,
with almost two thirds (61 per cent) describing themselves as at best only
"fairly confident" at managing their current cybersecurity threat exposure,
which should raise some eyebrows around the boardroom.

Respondents also feared their cyber strategy would not keep pace with the rate
of tech innovation and changes in the threat landscape.  40 per cent believe
their existing cyber strategy will be outdated in two years, and a further 37
per cent within three years.  Additional investment is needed to address
longer term planning, with 44 per cent saying they only have sufficient
resources in their organisation to focus on the immediate and mid-term cyber
threats and tech trends.

The daily firefight

CISOs and cyber professionals report struggling to manage today's
cybersecurity risks across the board.  Asked about the day-to-day aspects of
securing their businesses on a scale including "a little, somewhat, or very
challenging", the following areas were ranked highest as at least somewhat
challenging by respondents: (total challenging figures in brackets)

 

·    Detecting or identifying the occurrence of a cybersecurity event or
threat - 56 per cent (85 per cent)

·    Third parties disclosing breaches in good time - 55 per cent (85 per
cent)

·    Understanding and anticipating new or potential future strategies
used by threat actors - 55 per cent (84 per cent)

·    Ensuring that the entire supply chain is water-tight in its ability
to defend and recover against threat actors - 52 per cent (83 per cent)

 

Juggling cybersecurity priorities

Not only do organisations feel they are chasing their next cyber strategy, but
they are struggling to deliver on the one they have now.  CISOs highlighted
the following key priorities over the next 12 months:

 

·    The cyber skills gap within organisations is the highest strategic
priority (31 per cent).  This has a been a perpetual problem facing the IT
industry and cybersecurity teams can become quickly overwhelmed if the right
expertise is not in place to manage the load.  The effects of this can be
devastating, creating risk vectors that can be exploited and may lead to human
error under pressure, or a missed threat.  Rather than hunting new people,
the gap could in part be addressed by putting more resources into training and
upskilling, but this is difficult when team capacity is already stretched.

·    The next most important priority highlighted by CISOs is the
challenge of gaining consistent and reliable 'threat intelligence' (28 per
cent), with many reporting they rely on informal information sharing
networks.

·    Securing digital identity (27 percent) was also identified as key
given the risks posed by hackers gaining credentials and impersonating users
to access data and systems.

Stuart Jubb, Group Managing Director at Crossword Cybersecurity plc,
commented: "The picture painted by our research shows CISOs are in urgent need
of a strategic rethink.  CISOs need to balance their cybersecurity
operation's daily load with managing the organisation's long-term
requirements. Boards must make sure CISOs have the budget necessary to get
short-term issues under control and then begin planning a long-term business
wide strategy.  Such a strategy should be supported by a standard operating
model with robust processes and policies for the company's entire supply
chain. Every month of delay leaves businesses open to potentially crippling
cyber-attacks."

The tech trends that matter to cyber professionals

CISOs were also asked about the technology trends that they saw as being the
most important and relevant over the next 12 months.  Several technology
categories stood out with cloud transition and cyber in the cloud leading the
way (41 per cent), followed by Cyber Security Mesh Architecture (CSMA - 35 per
cent), and AI/Machine Learning (31 per cent).

 

Deciding how each of these categories will fit into the short-term cyber goals
and longer term strategy of UK organisations will take serious
consideration.  However, respondents did report having a clear view on the
most important technology components they want to address in their cyber
security plans in the short term, compared to the next three or five years.
 Three quarters (75 per cent) said software verification, which helps to
ensure a program is secure, 69 percent said cloud transition and 69 per cent
said dealing with ransomware escalation, will be a focus immediately or over
the next 12 months. A similar number (65 per cent) identified CSMA, a method
for making cybersecurity products interoperable, as a key technology. Other
technologies of note included:

 

o  Zero trust and identity security (62 per cent)

o  Quantum data stores / computing (55 per cent)

o  AI / Machine learning (55 per cent)

 

Jubb concluded: "Cybersecurity today is in a more tightly squeezed iterative
cycle than it was in the past. It demands that organisations take a more
strategic and collaborative approach - we recommend appointing a head of cyber
security strategy, while leaving the CISO to deliver on the immediate
challenges.  Managing the day to day risks is a tough balancing act, but one
that can be achieved if CISOs have the right resources to upskill their teams
and tools that leverage AI to bring efficiency and automation to help protect
their organisation and its supply chain against today's threats."

Professor Tim Watson, Programme Director, Defence & Security, The Alan
Turing Institute and Director, WMG Cyber Security Centre, University of
Warwick, commented: "Collaboration is especially important when it comes to
protecting critical national infrastructure because it's rapidly becoming a
whole new theatre of conflict between Nation States.  It's also not
particularly easy because there are so many private and public stakeholders."

Muttukrishnan Rajarajan (Raj), Professor of Security Engineering and Director,
Institute for Cyber Security, City, University of London, commented: "Tackling
ransomware is a huge area of focus in the world of research, so I'm not
surprised this scored highly in the survey.  We are often commissioned to
work on projects that focus just on this - an attack on one SME can cause a
complete supply chain to grind to a halt as we saw with vulnerabilities
introduced via the Log4J code libraries recently."

 

- Ends -

 

 

Contacts

 

Crossword Cybersecurity plc - Tel: +44 (0) 333 090 2587

Email: info@crosswordcybersecurity.com

Tom Ilube, Chief Executive Officer

Mary Dowd, Chief Financial Officer

 

Grant Thornton (Nominated Adviser) - Tel: +44 (0) 20 7383 5100

Colin Aaronson / Jamie Barklem / Daphne Zhang / Ciara Donnelly

 

Hybridan LLP (Broker) - Tel: +44 (0)203 764 2341

Claire Louise Noyce

 

For media enquiries contact:

Financial PR:

David Hothersall, Kinlan Communications

davidh@kinlan.net - Tel: +44 (0) 207 638 3435

General:

Duncan Gurney, GingerPR

duncan@gingerpr.co.uk - Tel: +44 (0)1932 485 300

 

About Crossword Cybersecurity plc

Crossword offers a range of cyber security solutions to help companies
understand and reduce cyber security risk. We do this through a combination of
people and technology, in the form of SaaS and software products, consulting,
and managed services. Crossword's areas of emphasis are cyber security
strategy and risk, supply chain cyber, threat detection and response, and
digital identity and the aim is to build up a portfolio of cyber security
products and services with recurring revenue models in these four areas. We
work closely with UK universities and our products and services are often
powered by academic research-driven insights. In the area of cybersecurity
strategy and risk our consulting services include cyber maturity assessments,
industry certifications, and virtual chief information security officer
(vCISO) managed services.

 

Crossword's end-to-end supply chain cyber standard operating model (SCC SOM)
is supported by our best-selling SaaS platform, Rizikon Assurance, along with
cost-effective cyber audits, security testing services and complete managed
services for supply chain cyber risk management. Threat detection and response
services include our Nightingale AI-based network monitoring, Nixer to protect
against application layer DDoS attacks, our Trillion and Arc breached
credentials tracking platforms, and incident response. Crossword's work in
digital identity is based on the World Wide Web Consortium W3C verifiable
credentials standard and our current solution, Identiproof, enables secure
digital verification of individuals to prevent fraud.

 

Crossword serves medium and large clients including FTSE 100, FTSE 250 and
S&P listed companies in various sectors, such as defence, insurance,
investment and retail banks, private equity, education, technology and
manufacturing and has offices in the UK, Poland and Oman. Crossword is traded
on the AIM market of the London Stock Exchange.

 

Visit Crossword at https://www.crosswordcybersecurity.com/
(https://www.crosswordcybersecurity.com/)

 

 

 

 

This information is provided by Reach, the non-regulatory press release distribution service of RNS, part of the London Stock Exchange. Terms and conditions relating to the use and distribution of this information may apply. For further information, please contact
rns@lseg.com (mailto:rns@lseg.com)
 or visit
www.rns.com (http://www.rns.com/)
.

Reach is a non-regulatory news service. By using this service an issuer is confirming that the information contained within this announcement is of a non-regulatory nature. Reach announcements are identified with an orange label and the word “Reach” in the source column of the News Explorer pages of London Stock Exchange’s website so that they are distinguished from the RNS UK regulatory service. Other vendors subscribing for Reach press releases may use a different method to distinguish Reach announcements from UK regulatory news.

RNS may use your IP address to confirm compliance with the terms and conditions, to analyse how you engage with the information contained in this communication, and to share such analysis on an anonymised basis with others as part of our commercial services. For further information about how RNS and the London Stock Exchange use the personal data you provide us, please see our
Privacy Policy (https://www.lseg.com/privacy-and-cookie-policy)
.   END  NRASEDFIDEESEFI