Majority of firms ‘unprepared’ for cyber security incidents
More than three-quarters of businesses may be vulnerable to cyber security threats as they do not have an effective response plan in place, a new study has warned.
Research conducted by IBM and the Ponemon Institute found some 77 per cent of enterprises do not have a policy that is applied consistently across their organisation.
Additionally, more than half of firms (54 per cent) do not test the plans they do have regularly enough, which can also leave them unprepared to deal with the complex and fast-moving processes that must be undertaken in the event of a breach in order to minimise damage.
Ted Julian, vice-president of product management and co-founder of IBM Resilient, said: "Failing to plan is a plan to fail when it comes to responding to a cybersecurity incident. These plans need to be stress tested regularly and need full support from the board to invest in the necessary people, processes and technologies to sustain such a programme."
IBM highlighted the importance of an effective response plan, noting that organisations that are able to react quickly and efficiently to contain a cyberattack within 30 days save an average of more than $1 million (£760,000) on the total cost of a data breach.
Other issues uncovered by the study include the fact that nearly half of organisations (46 per cent) are still not fully compliant with the EU's General Data Protection Regulation (GDPR) requirements.
This is despite the fact that GDPR has been in force for any organisation holding the personal data of EU citizens for almost a year, and that businesses had several years prior to the implementation date to get ready for the new regime, which imposes much tougher requirements on how sensitive personal data is handled and protected.
With potential for fines of up to four per cent of a company's global turnover for failing to meet these requirements – which could amount to hundreds of millions of pounds for the largest enterprises – this could prove very costly for many organisations in the coming months and years as enforcement gathers pace.
Share This Post, Choose Your Platform!
With over 25 years in the business telecoms industry and an unrivalled reputation of delivering excellent, personal customer service, Arrow is one of very few companies in the UK able to provide a full telecoms, IT and energy consultancy and service proposition.
Savings through automation, scale, improved service. We’ve got that covered. But the true value comes with empathy, through empowerment, collaboration. It’s connecting people that drives us forward. It’s people that make tomorrow happen.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.