A lack of robust planning for a cyber breach, combined with a failure to review and update plans or apply them consistently across organisations, is hampering the efforts of organisations to become “cyber resilient”.
What will your organisation do when it has a cyber breach? “When” because the increasing threats from cyber criminals combined with an increasing reliance on digital technology mean that cyber breaches are almost inevitable, whatever the size of your organisation.
That doesn’t mean organisations should be giving up on their cyber defences. But it does mean that they should be making robust plans for how they will respond to a breach.
But are they? According to The 2nd annual study on the cyber resilient organisation (registration required), only 26% of UK organisations have a formal breach response plan that is applied consistently across their organisation.
And of the organisations that do have a plan, nearly half (49%) have not reviewed or updated the plan since it was put in place.
This is despite the fact that almost half of those organisations have experienced at least one medium or major breach (the loss of 1000 or more sensitive or confidential records) in the last 2 years.
That’s worrying. And the worry is reflected in the amount of confidence UK organisations have in their ability to combat cyber attacks, with only 40% thinking they can prevent them and even fewer, only 35%, confident in their ability to recover from an attack.
Why are UK organisations so worried about their ability to respond to a cyber breach? They freely admit to a number of major obstacles to cyber resilience. The biggest barrier is insufficient planning; almost three quarters (73%) of UK organisations recognise this as a problem.
While it’s true to say that 80% of organisations do have a plan, over a third (34%) of these only have an informal plan while another third have a plan for only part of their organisation. Planning to fail?
For the 2nd annual study on the cyber resilient organisation (UK), which was sponsored by IBM Resilient, the Ponemon Institute surveyed 413 IT and IT security professionals. The study was published in February 2017.