Cyber Threats Rise Along With Scrutiny of How Companies Handle Hacks
Cybersecurity threats have significantly increased for businesses over the past year, according to a Wall Street Journal survey of compliance professionals. Nine out of 10 companies reported that cybersecurity risks have risen, with nearly half indicating a substantial increase. This trend is particularly notable among midsize companies—those with between $50 million and $1 billion in revenue—which overwhelmingly felt the rise in cyber threats.
The Wall Street Journal survey, conducted between February 13 and March 11, gathered insights from around 300 compliance professionals. Over three-quarters of the respondents were based in the U.S., with the remaining participants spread across Canada and other regions. The financial services sector represented 36% of the respondents, followed by professional and business services (13%) and technology (9%).
Key Insights for MSPs:
Increased Cyber Threats and Regulatory Scrutiny:
Compliance professionals highlighted regulatory scrutiny and enforcement as significant concerns, with 78% citing these issues. The digitization of business operations was also a major concern for 71% of respondents. Recent high-profile hacks and regulatory changes have heightened the stakes for companies. For instance, MGM Resorts International faced a cyberattack that disrupted their operations, while UnitedHealth Group’s Change Healthcare unit suffered a ransomware attack that impacted critical parts of the U.S. healthcare system.Regulatory Changes in Cybersecurity Reporting:
The U.S. has increased pressure on companies to disclose cyber breaches promptly. As of December, the Securities and Exchange Commission (SEC) requires companies to report cyberattacks within four business days if the incident will have a material impact on operations. Additionally, the Cybersecurity and Infrastructure Security Agency (CISA) has proposed draft rules for critical-infrastructure companies to report significant cyberattacks within 72 hours and ransom payments within 24 hours.Skills Gap in Cybersecurity Compliance:
A significant number of compliance professionals reported limited expertise in cybersecurity. Nearly half indicated that they had only a basic or novice level of expertise in overseeing cybersecurity-related compliance, with only 8% considering themselves experts. This skills gap highlights the need for MSPs to invest in training and hiring to bolster their cybersecurity capabilities.Geopolitical Risks Impacting Compliance:
Geopolitical concerns, such as the ongoing Russia-Ukraine war and tensions between the U.S. and China, have increased business risks. Nearly two-thirds of respondents noted that these geopolitical factors have affected their ability to manage compliance effectively. For large companies, the Russia-Ukraine conflict was particularly impactful, with over half of the respondents from this group citing it as a significant factor.Adoption of Artificial Intelligence (AI) in Compliance:
While AI is gaining interest among compliance professionals, its adoption is still in the early stages. About one-third of respondents reported using AI tools for compliance, with 46% planning to adopt AI in the future. Smaller companies, in particular, have been more proactive in leveraging AI, with 41% of respondents from companies with less than $50 million in revenue already using the technology.
By addressing these key insights and challenges, MSPs can better navigate the evolving cybersecurity landscape, enhance their compliance efforts, and support their clients more effectively in mitigating cyber risks.
