83% Firms Not Prepared For Online Security Incident
Despite three out of every four companies have suffered an incident of security breach in the past two years, 83% of businesses globally are not fully prepared for an online security incident. These were the findings of The Economist Intelligence Unit that surveyed 360 senior business leaders across Asia Pacific, North America, Europe.
According to the report, of the 17% firms that do have a response plan in place not only rely on their IT department to lead this process, but also draw upon external resources - primarily IT forensic experts, specialist legal advisers and law enforcement experts.
“There is an encouraging trend towards formalizing corporate incident response preparations. But with the source and impact of threats becoming harder to predict, executives should make sure that incident response becomes an organizational reflex rather than just a plan pulled down off the shelf,” said James Chambers, senior analyst at EIU.
The report reveals that the level of preparedness is being held back by lack of understanding about threats, as only 41% of business leaders feel a better understanding of potential threats would help them be better prepared.
Despite having a formal plan or team in place is seen to have a significant effect on feeling of preparedness among executives, over 50% of the companies feel that they are unable to predict the business impact when a breach occurs.
Emphasis on reputation
Two-thirds of executives say that responding effectively to an incident can enhance their firm’s reputation. The research predicts that the percentage of organizations that presently have an incident response team and plan in place is set to rise above 80% in the next few years.
Moreover, firms that have suffered an incident in the past 24 months are twice as likely to have an arrangement with a third party expert as firms that have not suffered an incident.
At present however, firms remain reticent about disclosing incidents and sharing intelligence about threats. The survey reveals that 57% of organizations do not voluntarily report incidents where they are not legally required to do so. Only one third of the companies reportedly share information about incidents to spread best practice and benchmark their own response.
Arbor Networks president Matthew Moynahan states that in the wake of recent high profile targeted attacks, a company’s ability to quickly identify and classify and incident, and execute a response plan, is critical to not only protecting corporate assets and customer data, but the brand, reputation and bottom line of the company.
- Skybox Finds Cryptomining Malware Now Dominates Threat landscape
- Know Before Getting Your Cloud Architecture In Shape
- CISOs Should Help In Building Digital Trust With Consumers, Says Study
- Battling Cyber Risks With Intelligent Automation
- Ensuring A Secured Blockchain Ecosystem
- Cyber GCCs In India At The Cusp Of Transformation
- Have We Learnt A Lesson From Facebook-Cambridge Analytica Crisis?
- Firms Unable To Cope With Security Skill Gap, Vendor Sprawl: Study
- Why VPN Services Are Getting More And More Popular
- 5 Ways To Create A CX-First Culture For Executives