Arbor Networks today published the results of its survey revealing that over a third of businesses (38%) still have no incident response plan. The Economist Intelligence Unit surveyed 360 senior executives, with 73% of these being C-level management or board members from across the world, with 31% based in North America, 36% in Europe and 29% in Asia-Pacific.
The report shows that from 77% of companies, effected by some kind of data loss incident in the last two years, over a third of them (38%) still have no incident response plans in place. This alarming statistics shows that only 17% of international businesses surveyed are fully prepared for an online security incident. These companies are typically relying on own IT department and external resources, like IT forensic experts and specialist legal advisers, to lead the process.
"There is an encouraging trend towards formalising corporate incident response preparations. It is becoming harder to predict the source and impact of the threats, so it is important to convince executives to have an effective response plan,” says James Chambers, senior editor at The Economist Intelligence Unit
Arbor Networks President Matthew Moynahan added: “As these findings show, when it comes to cyber-attacks, we live in a “when” not “if” world. In the wake of recent high-profile targeted attacks in the retail sector, company’s ability to quickly identify and classify and incident, and execute a response plan, is critical to not only protecting corporate assets and customer data, but the brand, reputation and bottom line of the company.”
The low level of preparedness is explained by lack of understanding about threads:
Formalisation of plans and processes is driven by emphasis on reputation:
Companies remain reticent about disclosing incident information and sharing their intelligence data: