Arbor Networks today published the results of its survey revealing that over a third of businesses (38%) still have no incident response plan. The Economist Intelligence Unit surveyed 360 senior executives, with 73% of these being C-level management or board members from across the world, with 31% based in North America, 36% in Europe and 29% in Asia-Pacific.
The report shows that from 77% of companies, effected by some kind of data loss incident in the last two years, over a third of them (38%) still have no incident response plans in place. This alarming statistics shows that only 17% of international businesses surveyed are fully prepared for an online security incident. These companies are typically relying on own IT department and external resources, like IT forensic experts and specialist legal advisers, to lead the process.
"There is an encouraging trend towards formalising corporate incident response preparations. It is becoming harder to predict the source and impact of the threats, so it is important to convince executives to have an effective response plan,” says James Chambers, senior editor at The Economist Intelligence Unit
Arbor Networks President Matthew Moynahan added: “As these findings show, when it comes to cyber-attacks, we live in a “when” not “if” world. In the wake of recent high-profile targeted attacks in the retail sector, company’s ability to quickly identify and classify and incident, and execute a response plan, is critical to not only protecting corporate assets and customer data, but the brand, reputation and bottom line of the company.”
The low level of preparedness is explained by lack of understanding about threads:
- Only 17% of business leaders believe they are fully prepared for an online security incident;
- 41% of business leaders agree that a better understanding of potential threats would help them be better prepared;
- Having a formal response plan and team in place results in a significant effect on feeling confident among executives;
- Half of the companies surveyed believe that they are unable to predict the impact on their business when a breach occurs.
Formalisation of plans and processes is driven by emphasis on reputation:
- Two-thirds of executives believe that they can enhance their company's reputation by responding effectively to an incident;
- The number of organisations with a formalised response plan and team is set to increase to 80% in the next few years.
Companies remain reticent about disclosing incident information and sharing their intelligence data:
- 57% of organisations do not report incidents voluntarily, where they are not legally required to do so;
- Only a third of companies share information about incidents with other organisations to elaborate best practices or benchmark their own response.
