Businesses overestimate data theft readiness, claims report

Unlocked padlock

Thirty-nine per cent of businesses claiming to have a high state of readiness for cyber breaches have no cyber readiness plan, a new report has found.

The research, carried out by Pierre Audin Consultants (PAC), discovered that, also found that only 30 per cent of firms with a cyber readiness plan, which addresses how they will respond in the event of a data security breach, test it monthly, with many of the remaining 70 per cent testing it only annually. This is despite 86 per cent of firms claimed to have a "high state of readiness", according to the report.

PAC found that the most prepared sectors are government and financial services, but that they also suffer the highests remediation costs when a data breach happens.

Speaking at a a round table event hosted jointly with PAC and Telefonica, Greg Day, VP and CTO of EMEA for cyber security firm FireEye, told journalists this was largely unsurprising as organisations operating in this area consistently rank in the top five for attempted and successful cyber attacks and also notmally have to do more to remediate a breach situation when it occurs.

When it comes to the level of breaches, 67 per cent of those surveyed said they had suffered a cyber breach in the last 12 months, and 100 per cent had been breached at some point in the past. This, PAC claims, means a breach is "to all intents and purposes inevitable".

In common with most other reports of this kind, PAC found spending on security among all businesses surveyed was moving from a prevent and protect approach to detect and respond. Currently, this type of investment accounts for 23 per cent of over all spend on information security, but respondents stated this will increse to 39 per cent within the next two years.

Day said this approach was not about surrendering to attackers, but "striking a realistic balance".

"If I go out, I'm not going to leave doors and windows open in my house, but there is no sense in building Fort Knox when social engineering can easily circumnavigate defenses," he said.

Duncan Brown, a director at PAC agreed, saying security in business had been "out of kilter for a while".

"We are not talking about abdicating prevent and protect," said Brown, "but balancing it with a fully formed detect and respond strategy."

Jane McCallion
Deputy Editor

Jane McCallion is ITPro's deputy editor, specializing in cloud computing, cyber security, data centers and enterprise IT infrastructure. Before becoming Deputy Editor, she held the role of Features Editor, managing a pool of freelance and internal writers, while continuing to specialise in enterprise IT infrastructure, and business strategy.

Prior to joining ITPro, Jane was a freelance business journalist writing as both Jane McCallion and Jane Bordenave for titles such as European CEO, World Finance, and Business Excellence Magazine.