Businesses overestimate data theft readiness, claims report
Majority of businesses have no readiness plan
Thirty-nine per cent of businesses claiming to have a high state of readiness for cyber breaches have no cyber readiness plan, a new report has found.
The research, carried out by Pierre Audoin Consultants (PAC), also found that only 30 per cent of firms with a cyber readiness plan, which addresses how they will respond in the event of a data security breach, test it monthly, with many of the remaining 70 per cent testing it only annually. This is despite 86 per cent of firms claiming to have a "high state of readiness", according to the report.
PAC found that the most prepared sectors are government and financial services, but that they also suffer the highest remediation costs when a data breach happens.
Speaking at a round table event hosted jointly with PAC and Telefonica, Greg Day, VP and CTO of EMEA for cyber security firm FireEye, told journalists this was largely unsurprising as organisations operating in this area consistently rank in the top five for attempted and successful cyber attacks and also normally have to do more to remediate a breach situation when it occurs.
When it comes to the level of breaches, 67 per cent of those surveyed said they had suffered a cyber breach in the last 12 months, and 100 per cent had been breached at some point in the past. This, PAC claims, means a breach is "to all intents and purposes inevitable".
In common with most other reports of this kind, PAC found spending on security among all businesses surveyed was moving from a prevent and protect approach to detect and respond. Currently, this type of investment accounts for 23 per cent of overall spend on information security, but respondents stated this will increase to 39 per cent within the next two years.
Day said this approach was not about surrendering to attackers, but "striking a realistic balance".
"If I go out, I'm not going to leave doors and windows open in my house, but there is no sense in building Fort Knox when social engineering can easily circumnavigate defenses," he said.
Duncan Brown, a director at PAC, agreed, saying security in business had been "out of kilter for a while".
"We are not talking about abdicating prevent and protect," said Brown, "but balancing it with a fully formed detect and respond strategy."