83% of businesses are not prepared for an online security incident
Posted on 18 March 2014.
Arbor Networks announced the results of a survey on the issue of incident response preparedness. The Economist Intelligence Unit surveyed 360 senior business leaders, the majority of whom (73%) are C-level management or board members from across the world, with 31% based in North America, 36% in Europe and 29% in Asia-Pacific.

The report shows that despite 77 percent of companies suffering an incident in the past two years, over a third of firms (38 percent) still have no incident response plan in place should an incident occur. Only 17 percent of businesses globally are fully prepared for an online security incident.

More prepared firms that do have a response plan in place typically rely on the IT department to lead this process, but the majority also draw upon external resources – primarily IT forensic experts, specialist legal advisers and law enforcement experts.

“There is an encouraging trend towards formalizing corporate incident response preparations. But with the source and impact of threats becoming harder to predict, executives should make sure that incident response becomes an organizational reflex rather than just a plan pulled down off the shelf,” said James Chambers, a senior editor at The Economist Intelligence Unit.

Arbor Networks President Matthew Moynahan added, “As these findings show, when it comes to cyber-attacks, we live in a “when” not “if” world. In the wake of recent high profile targeted attacks in the retail sector, a company’s ability to quickly identify and classify and incident, and execute a response plan, is critical to not only protecting corporate assets and customer data, but the brand, reputation and bottom line of the company.”

Level of preparedness is being held back by lack of understanding about threats
  • Only 17 percent of business leaders feel fully prepared for an incident.
  • 41 percent of business leaders feel a better understanding of potential threats would help them be better prepared.
  • Having a formal plan or team in place has a significant effect on feeling of preparedness among executives.
  • Half of all companies feel that they are unable to predict the business impact when a breach occurs.
Emphasis on reputation is driving formalisation of plans and processes
  • Two-thirds of executives say that responding effectively to an incident can enhance their firm’s reputation.
  • The percentage of organisations that now have an incident response team and plan in place is set to rise above 80 percent in the next few years.
  • Firms that have suffered an incident in the past 24 months are twice as likely to have an arrangement with a third party expert as firms that have not suffered an incident.
Firms remain reticent about disclosing incidents and sharing intelligence about threats
  • 57 percent of organisations do not voluntarily report incidents where they are not legally required to do so.
  • Only a third of companies share information about incidents with other organisations to spread best practice and benchmark their own response.





Spotlight

Biggest ever cyber security exercise in Europe is underway

Posted on 30 October 2014.  |  More than 200 organisations and 400 cyber-security professionals from 29 European countries are testing their readiness to counter cyber-attacks in a day-long simulation, organised by the European Network and Information Security Agency (ENISA).


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Oct 30th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //