How effective are your Cyber Security Incident Responses?

The Ponemon Institute recently released the Cyber Security Incident Response report, which surveyed over 600 IT professionals about the details of their cyber security incident response.

Most organisations surveyed have suffered a security incident in the last 24 months, making the following results rather shocking.

57% of respondents expect to experience a security breach within the next year

Even though they’ve suffered a breach before, over half of these organisations expect that they’ll be victims again. When asked what could be done better to mitigate future breaches, most respondents agreed that the best option would be to improve their incident response capabilities rather than implement more effective preventive security measures.

To me, this suggests that these organisations understand that they will suffer cyber attacks no matter what, and that their best chance of surviving them is knowing how to deal with them once they’ve happened.

Only 20% of respondents regularly communicate with management about threats

The fact that only 20% of respondents communicate with management is staggering. There shouldn’t be a gap between IT and the board: if IT doesn’t provide the board with information about threats, it can’t be surprised when it finds out its security budget is being cut.

However, you can flip the tables and say that if the board doesn’t give IT the opportunity to raise issues, then it can’t be surprised if the company becomes a victim of a data breach. Moreover, what is the board’s strategy if the company does get breached?

Cyber Resilience

According to cyber security expert Alan Calder and Forbes Magazine, becoming cyber resilient will replace becoming cyber secure. Cyber resilience is defined as “The ability to repel cyber attacks while protecting critical business assets, rapidly adapting and responding to business disruptions and maintain continuous business operations”.

Implementing a cyber resilience strategy would allow an organisation first to defend against cyber attacks and second to respond quickly to incidents where cyber attacks were successful.

Attend Alan Calder’s free Webinar – Cyber Resilience: the new normal on the 12th February