Businesses today are under increasing attack by cyber-criminals, often with devastating consequences. One part of the world where these risks are having a significant impact is the UK, where security breaches are responsible for an estimated £34.1bn. Yet, despite this alarming fact, almost half of all UK firms admit they do not have an adequate cyber security incident response strategy in place.
A recent study polled over 500 UK businesses about crimes that have impacted their organizations over the past year. The study also examined business leaders’ current concerns surrounding security and resilience. It revealed that key leadership personnel rank computer viruses and data breaches (theft) as the biggest threats to their companies. Over one-fifth of survey respondents admitted they are “highly concerned” about these threats, and one-third of those polled (mostly larger organizations) list fear of hackers as a significant concern.
A Costly Problem
About half of those surveyed said they currently have cyber security incident response plans in place that they feel adequately protect their networks. 18% said they have taken extensive measures to protect against hackers, and nearly three-quarters confirmed that they have insurance in place to cover any losses caused by a successful breach. Yet, despite the growing concern and recognition of the increasing risks, 44% of UK firms admit they only have basic levels of protection in place. Furthermore, 1 in 8 has experienced infrastructure damage due to malware in the past year at a cost in time, money and resources of about £10,516.
Another revelation of the survey in question was that larger and mid-sized businesses are at a significantly higher risk of becoming a victim of malware – almost twice as likely as smaller companies. 7% of organizations polled had been struck by hackers over the past 12 months, with the average cost of each successful attack coming in somewhere around £16,264. The risks associated with data theft also increased along with the size of the business, with some 16% of larger firms becoming victims over the past year.
What is essentially playing out is akin to an arms race between businesses and those who wish to do them harm through cyber-attacks. Leaders must go beyond simply recognizing that these types of attacks are detrimental to their ongoing success and focus on developing strong, solid cyber security incident response strategies that will be agile enough to combat an increasingly sophisticated enemy. In other words, knowing and taking action are two entirely different things with equally contrasting outcomes.
A Proactive Approach
The solution lies in taking a much more proactive approach to cyber security. Organizations must focus on employing advanced solutions that integrate seamlessly with monitoring platforms to create a much more comprehensive and impenetrable defense. Attention must also be given to developing and implementing strategies for more timely and effective response and remediation. Incorporating automation into the mix can further enhance and fortify the process.
A Board-Meeting Must
As most professionals are painfully aware, the biggest hurdle to adopting and implementing any new business strategy is quite often obtaining buy-in from key decision makers. Yet, with the number of threats growing in complexity and frequency, there has never been a more important time to position the importance of a strong cyber security incident response plan in front of board members. IT personnel can more effectively persuade those in charge of budget allocation by offsetting the investment with the costs and other critical consequences of successful cyber breaches to demonstrate quantifiable ROI.