83% Firms Not Prepared For Online Security Incident

by CXOtoday News Desk    Mar 19, 2014


Although three out of every four companies have suffered a security breach in the past two years, 83% of businesses globally are not fully prepared for an online security incident. These were the findings of The Economist Intelligence Unit, which surveyed 360 senior business leaders across Asia Pacific, North America and Europe.

According to the report, the 17% of firms that do have a response plan in place not only rely on their IT department to lead this process, but also draw upon external resources, primarily IT forensic experts, specialist legal advisers and law enforcement experts.

“There is an encouraging trend towards formalizing corporate incident response preparations. But with the source and impact of threats becoming harder to predict, executives should make sure that incident response becomes an organizational reflex rather than just a plan pulled down off the shelf,” said James Chambers, senior analyst at EIU.

The report reveals that the level of preparedness is being held back by a lack of understanding about threats, as only 41% of business leaders feel a better understanding of potential threats would help them be better prepared.

Although having a formal plan or team in place is seen to have a significant effect on the feeling of preparedness among executives, over 50% of the companies feel that they are unable to predict the business impact when a breach occurs.

Emphasis on reputation

Two-thirds of executives say that responding effectively to an incident can enhance their firm’s reputation. The research predicts that the percentage of organizations that presently have an incident response team and plan in place is set to rise above 80% in the next few years.

Moreover, firms that have suffered an incident in the past 24 months are twice as likely to have an arrangement with a third-party expert as firms that have not suffered an incident.

At present, however, firms remain reticent about disclosing incidents and sharing intelligence about threats. The survey reveals that 57% of organizations do not voluntarily report incidents where they are not legally required to do so. Only one third of the companies reportedly share information about incidents to spread best practice and benchmark their own response.

Arbor Networks president Matthew Moynahan states that in the wake of recent high-profile targeted attacks, a company’s ability to quickly identify and classify an incident, and execute a response plan, is critical to not only protecting corporate assets and customer data, but the brand, reputation and bottom line of the company.