A new study has revealed 71% of UK organisations don’t believe they are “cyber resilient”.
In the report, titled The Cyber Resilient Organisation in the United Kingdom: Learning to Thrive against Threats, compiled by Ponemon Institute, businesses cited insufficient planning and preparedness, inadequate capability to respond to incidents, and a lack of clear ownership as reasons why they felt their ability to fight off and deal with the aftermath of cyber attacks was in doubt.
“When security incidents occur, organisations need to react quickly and decisively to ensure attacks are managed before they turn into serious business crises. That’s the foundation of cyber resilience,” said John Bruce, CEO and co-founder of Resilient Systems – the creators of an incident response platform designed to help companies deal with cyber attacks.
“By preparing and provisioning for these situations, and aligning the people, processes, and technology for response, organisations can improve their security posture and actually thrive in the face of cyber security incidents.”
Ponemon’s report is timely given the number of high-profile hacks that have occurred in recent months and years.
These include attacks on Sony, TalkTalk and Ashley Madison, which has recently taken to masking users’ profile pictures in a desperate bid to avoid another security failure.
“Despite the growing importance of cyber resilience, the research shows serious issues that need to be addressed if UK organisations are to survive the next wave of cyberattacks,” said chairman and founder of the Ponemon Institute, Larry Ponemon.
“Until cyber resilience becomes a coordinated, organisation-wide effort and the necessary technology and processes are put in place, organisations will remain vulnerable.”
Despite cyber attacks becoming more frequent and high profile, 56% of the study’s respondents reported that their organisations’ leaders do not appreciate that a lack of cyber resilience represents a major risk to the wellbeing of their enterprises and brand images.
Businesses will be forced to become wiser on these issues, however, as the regulatory burden for companies operating inside the European Union will grow with the upcoming introduction of the General Data Protection Regulation (GDPR), which will bring mandatory data breach reporting to Europe for the first time.
The full study is available to download directly from Ponemon Institute.