66% of organisations have ineffective cyber incident response plans

Online threats – such as ransomware and DDoS attacks – are increasing in scale and severity every day, but the majority can be easily defended against with the right controls and planning.

In spite of this, organisations are still failing to implement and maintain cyber incident response programmes to protect themselves.

According to a new report from AT&T (The CEO’s Guide to Cyberbreach Response):

  1. Only 34% of respondents believe they have an effective incident response plan
  2. Even though 62% of respondents acknowledged suffering an IT security breach in 2015
  3. And 42% of those organisations said the incident “had a significant negative impact” on their business.

As the report states: “It’s impossible to predict when you’ll be hit by a cyberbreach. The ability to respond quickly and thoroughly will determine whether the breach becomes a minor footnote or a major distraction that inhibits company growth for years to come.”

Knowing how to react to a cyber incident could save your business

Most organisations have some sort of cyber security capability – even if basic – but the cyber threat landscape is such that an attack is bound to penetrate your defences sooner or later. The speed at which you identify a breach, combat the spread of malware, prevent access to data, and remediate the threat will make a significant difference in controlling the risk, costs, and exposure resulting from a security incident. The first 24 hours are vital.

Free information

Visit our website for more free information about effective cyber incident response planning, including the three phases of a cyber attack and how to counter them, and the top ten incident response management challenges.

Expert help

IT Governance’s Cyber Security Incident Response consultancy service can help you develop the resilience to protect against, remediate and recover from a wide range of cyber incidents, and is based on best-practice frameworks developed by CREST, as well as ISO 27001 and ISO/IEC 27035 (the international standard for cyber incident response).

Contact us now on +44 (0) 845 070 1750 or email us at servicecentre@itgovernance.co.uk to talk to our cyber incident response team.