Credit Research Foundation Staff President Bill Balduino VP of Research Matt Skudera CFO Cheryl Weaverling Manager Member Services Barbara Clapsadle Communications Manager Tom Diana Chairman & Board of Trustees Chairman Sharon Nickerson Acushnet Company Past Chairman Marty Scaminaci Bemis Company Inc Vice-Chairman, Finance Frank Sebastian SLD of adidas Vice-Chairman, Membership Art Tuttle American Greetings Vice-Chairman, Research Michael Bevilacqua PepsiCo Trustees Kurt Albright Uline Inc Dawn Burford InSinkErator (an Emerson Company) Paul Catalano ABC Amega Peter Knox Nestle USA Abigail Ledger Avery Dennison Jackie Mulligan Proctor & Gamble Distributing LLC Part I CRF Survey Results By Tom Diana Communications Manager, CRF It’s not surprising that the topic of cyber security has been highlighted at recent CRF Forums. Companies are increasingly coming under attack by cyber criminals in a variety of ways as reported by numerous cyber security research rms. For example, a 2016 survey by Wombat Security found that Phishing attacks were up by 22% from the previous year. As cyber crime becomes more lucrative, more criminals are engaging in these acts and they are becoming more and more sophisticated. CRF conducted a survey to learn about recent trends in the attitudes and experiences of credit professionals regarding cyber security. Based on the results, interest and concern is very prevalent. Survey respondents almost unanimously indicated they were either “very interested” or “somewhat interested” in the topic, with only 2% indicating they were “not interested at all”. The number of cyber attack incidences reported by CRF survey respondents was less than the number reported by many other surveys. Only 29% indicated their organization or department has been subjected to a cyber attack. The disparity between this survey and others could be a result of cyber attack attempts that were successfully repulsed. Since only 14% of survey respondents reported being invited to “most” or “all” IT cyber security planning and prevention discussions (Figure 1), this may explain their level of awareness of cyber attack attempts. Such attacks that have no obvious impact are often known only to IT staff who have the technology to detect and repel them before they have an adverse impact. 60 50 40 Fig 1 20 10 How often are you invited to Not invited to any meetings meetings by your organization on cyber-security? 30 Invited to some meetings Invited to most meetings Invited to all meetings 4% 10% 56% 30% While Credit Risk and Accounts Receivable Managers may not always be on the front lines of cyber security efforts, they do receive educational information from IT staff about cyber security awareness and defense. After their companies experienced a cyber attack, survey respondents reported participating in various kinds of prevention and awareness training at the corporate, departmental or IT levels. De nitions of Cyber Attacks Referenced in the Survey The CRF Survey focused on three types of common cyber attacks: Phishing, Malware/ Viruses and Ransomware. 2 ©2017 Credit Research Foundation