BAE Systems has released new research into how businesses can react to a cyber incident. The study found that just 9% of UK businesses feel totally confident in their organisation’s cyber breach mitigation plan. Despite continuing news of cyber-attacks and data breaches every day, the findings indicate that businesses are still struggling to establish plans that will help them deal with this 21st-century threat.
The responses by sector reveal that no companies surveyed from the manufacturing industry are totally confident in their organisation’s cyber breach mitigation plan. This is followed by:
- 5% from ‘other’ commercial sectors
- 7% from retail, distribution and transport
- 10% from IT
- 15% from business and professional services
- 15% from financial services
James Hatch, Cyber Services Director at BAE Systems Applied Intelligence, said:
“Many organisations still see dealing with a cyber security breach as a black swan event, something significant and unexpected that in hindsight could have been prevented, and have not yet made their mitigation plans business as usual. Effective management of cyber breaches requires businesses to be organised and prepared for the threats that they face, with a clear process in place. Everyone involved should be confident in what they need to do.”
When asked to name their most important tool for identifying a cyber-attack quickly, almost half (48%) of respondents chose technology, with people coming second at 32%. Just 15% named process, but organisations need to deploy a combination of people, process and technology in order to be cyber resilient.
“There are two problems. Most organisations struggle to deal with something beyond the experience of their people. Each time existing experience is stretched, it can cause an emotional reaction within organisations. They have to prepare for these new experiences and learn how to handle them in the future. External specialists can help but are most effective when their involvement and arrangements for mobilisation, access and communication are defined in advance. There is absolutely a role for technology and automation, especially in reducing the workload involved in dealing with routine incidents so that security teams have the bandwidth to deal with what really matters.
“The range of incidents that an organisation can face varies hugely from ransomware outbreaks to covert targeted attacks to accidental data breaches. But that doesn’t mean that businesses cannot be prepared for all of these eventualities. The key is to differentiate the routine from the unusual and the urgent from the important and prepare for each with the right combination of technology and automation, people and skills, policy and process. Once this is done, cyber breaches become more manageable and less emotional.”
To discuss further, please visit BAE Systems at RSA in the North Expo hall, Booth 3735; several live on-booth presentations will be held daily. On Tuesday, April 17th at 2:20pm, Colin McKinty will be speaking in the North Expo Briefing Center on “The Evolution of Cyber Crime: A New Approach to Risk is Critical.”