Firms Underrate The ‘Seismic Aftershock’ Of An Attack

Uploaded on 2017-08-24 in BUSINESS-Services-IT & Telecoms, FREE TO VIEW, NEWS-Cybersecurity News

UK businesses are overconfident in their cyber security planning and underestimate the damage of the “seismic aftershock” that occurs after a breach, according to a new report.

According to research by Lockton, half of UK firms expect to be fully operational within 48 hours of a cyber breach and only two per cent believe the effects will last longer than 10 days.

However, the recovery time for companies hit by large-scale cyber-attacks can actually be months or years, and the study also exposed holes in organisations’ response planning.

For example, 63 per cent of firms recognise reputational damage as a risk of a data breach, but only 26 per cent include their PR and communications chiefs in their incident response plans.

Meanwhile, while 72 per cent of firms know they can lose revenue and 69 per cent recognise that they can lose data, only 52 per cent of firms consider lost customers as a potential cost of a breach.

Just a third factor in the cost of a forensic investigation, only 36 per cent think about time spent reviewing policies and just 46 per cent consider the regulatory fines they might receive.

“The fact that so few businesses are aware of the aftershocks caused by a cyber-attack is concerning,” said Peter Erceg, senior vice president of global cyber and technology at Lockton.

“It can take several months, if not years, to become entirely operational again after a large-scale breach – and for some firms a full recovery may be bridge too far. UK businesses are currently unprepared for the seismic waves that can decimate an organisation caught unaware.”

A lack of senior managerial influence may be holding back the effectiveness of some businesses’ incident responses – just half of businesses involve their boards in cyber security planning.

“Effective cyber breach planning must involve stakeholders from across the business,” Erceg said. “This is no longer the purview of a few IT specialists. The shockwaves of cyber-attacks are too damaging and too prevalent for businesses to not make it one of the biggest risks they face.

“Companies need to shift from a reactive to proactive approach to avoid and manage a cyber-attack. We should all be considering when, not if, an attack will happen and protect ourselves from the risk.”

Director Of Finance

You Might Also Read:

CEOs Are Accountable For Cyber Attacks:

UK Cyber Chief: Company Directors Are Devolving Responsibility For Hacks:

 

« What is Machine Learning?
The AI Apocalypse »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Center for Internet Security (CIS)

Center for Internet Security (CIS)

CIS is a nonprofit entity that harnesses the power of a global IT community to safeguard private and public organizations against cyber threats.

BTWorks

BTWorks

BTWorks provides identity management and anti-phishing / smishing solutions for web and mobile apps.

D3 Security

D3 Security

D3's Smart SOAR platform is at the forefront of the security automation revolution, helping clients around the world to rapidly identify, analyze, and resolve advanced threats.

Viavi Solutions

Viavi Solutions

Viavi Solutions is a global leader in both network and service enablement and optical security performance products and solutions.

Cryptosense

Cryptosense

Cryptosense provides the first application security software dedicated to the detection and remediation of crypto vulnerabilities.

CICRA

CICRA

CICRA is Sri Lanka's pioneering cyber security training and consultancy provider.

Infosec (T)

Infosec (T)

Infosec (T) Limited is an independent Tanzania based consultancy specializing in IT governance, information security and IT audit.

Mitre ATT&CK

Mitre ATT&CK

MITRE ATT&CK™ is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.

R3

R3

R3 is an enterprise blockchain software firm working with a broad ecosystem of more than 300 participants across multiple industries to develop blockchain applications.

Apptega

Apptega

Apptega is an award-Winning Cybersecurity and Compliance Platform. Our mission is to make cybersecurity and compliance easy for everyone.

Hubify

Hubify

Hubify is an experienced, service-driven technology company specialising in business connectivity across mobile, data, voice, cloud, & cyber security solutions.

Skyhigh Security

Skyhigh Security

Skyhigh Security enables your remote workforce while addressing your cloud, web, data, and network security needs.

M.Tech

M.Tech

M.Tech is a leading cyber security and network performance solutions provider. We work with leading vendors to bring optimal solutions to the market through a channel of reseller partners.

Cydea

Cydea

Cydea are an optimistic cyber security consultancy of experts in security, data, technology and design that want to build a safer, more secure world where more things go right.

PlanNet 21 Communications

PlanNet 21 Communications

PlanNet 21 Communications is Ireland most specialised technology solution provider.

Halo Security

Halo Security

Halo Security is a fast, easy, and scalable external attack surface management platform that gives security leaders deep visibility into their internet-facing assets.