Last year was terrible for corporate victims of cyberattacks, with many large organizations making headlines over reports of major breaches. Ransomware attacks quadrupled to 4,000 per day from 2015 to 2016, according to the U.S. Department of Justice.

Despite the evidence, most companies greatly understate the risk of a cyber incident, according to EY’s 19th Global Information Security Survey 2016-17. Of the 1,735 global executives, information security managers and IT leaders surveyed, only one in five (22 percent) fully consider information security in their strategy and planning.

This complacency makes little sense given the sharp uptick in hacking methods and sophistication. The average annual cost of cyberattacks to companies worldwide is pegged at more than $9.5 million by the Ponemon Institute. Aside from the financial losses, boards of directors should also deeply consider the reputational damage that comes from such attacks.

Read more…