Do organisations know what’s out there?

  • What are organisations doing to deal with cybercrime?
    • 61% said they don’t have or are not aware of having access to forensic technology investigators
    • 60% said they don’t have or are not aware of having the in-house capability to investigate cybercrime
    • 56% said they don’t have or are not aware of having a media and public relations plan in place
    • 46% said they don’t have or are not aware of having controlled emergency network shutdown procedures in place
    • 40% said they don’t have or are not aware of having the in-house capability to prevent and detect cybercrime

Keeping an eye on social media sites

  • 60% of respondents said their organisation doesn’t monitor the use of social media sites, or they are not aware of any monitoring policies
  • How social media sites are monitored (% only of those who do monitor the use of such sites):
    • Monitor internal and external electronic traffic including web pages 85%
    • Employee contracts cover how to use information and documents properly 62%
    • Training programmes 37%
  • Typical internal cybercrime fraudster:
    • Junior employee or middle manager 84%
    • Less than 40 years old 65%
    • Employed with the organisation for less than five years 51%

Reducing the risks

  • Provision of cyber security awareness training:
    • No cyber security training in the past twelve months 43%
    • Emails or posters 40%
    • Face-to-face training 25%
    • Computer-based training 22%
  • 60% of respondents said face-to-face training is the most effective form when it comes to cybercrime awareness