Businesses overestimate data theft readiness, claims report

Majority of businesses have no readiness plan

Thirty-nine per cent of businesses claiming to have a high state of readiness for cyber breaches have no cyber readiness plan, a new report has found.

The research, carried out by Pierre Audoin Consultants (PAC), also found that only 30 per cent of firms with a cyber readiness plan, which addresses how they will respond in the event of a data security breach, test it monthly, with many of the remaining 70 per cent testing it only annually. This is despite 86 per cent of firms claiming to have a "high state of readiness", according to the report.

PAC found that the most prepared sectors are government and financial services, but that they also suffer the highest remediation costs when a data breach happens.

Speaking at a round table event hosted jointly with PAC and Telefonica, Greg Day, VP and CTO of EMEA for cyber security firm FireEye, told journalists this was largely unsurprising, as organisations operating in this area consistently rank in the top five for attempted and successful cyber attacks and also normally have to do more to remediate a breach situation when it occurs.

When it comes to the level of breaches, 67 per cent of those surveyed said they had suffered a cyber breach in the last 12 months, and 100 per cent had been breached at some point in the past. This, PAC claims, means a breach is "to all intents and purposes inevitable".

In common with most other reports of this kind, PAC found spending on security among all businesses surveyed was moving from a prevent and protect approach to detect and respond. Currently, this type of investment accounts for 23 per cent of overall spend on information security, but respondents stated this will increase to 39 per cent within the next two years.

Day said this approach was not about surrendering to attackers, but "striking a realistic balance".

"If I go out, I'm not going to leave doors and windows open in my house, but there is no sense in building Fort Knox when social engineering can easily circumnavigate defenses," he said.

Duncan Brown, a director at PAC, agreed, saying security in business had been "out of kilter for a while".

"We are not talking about abdicating prevent and protect," said Brown, "but balancing it with a fully formed detect and respond strategy."
