Firms Underrate The ‘Seismic Aftershock’ Of An Attack

UK businesses are overconfident in their cyber security planning and underestimate the damage of the “seismic aftershock” that occurs after a breach, according to a new report.

According to research by Lockton, half of UK firms expect to be fully operational within 48 hours of a cyber breach and only two per cent believe the effects will last longer than 10 days.

However, the recovery time for companies hit by large-scale cyber-attacks can actually be months or years, and the study also exposed holes in organisations’ response planning.

For example, 63 per cent of firms recognise reputational damage as a risk of a data breach, but only 26 per cent include their PR and communications chiefs in their incident response plans.

Meanwhile, while 72 per cent of firms know they can lose revenue and 69 per cent recognise that they can lose data, only 52 per cent of firms consider lost customers as a potential cost of a breach.

Just a third factor in the cost of a forensic investigation, only 36 per cent think about time spent reviewing policies and just 46 per cent consider the regulatory fines they might receive.

“The fact that so few businesses are aware of the aftershocks caused by a cyber-attack is concerning,” said Peter Erceg, senior vice president of global cyber and technology at Lockton.

“It can take several months, if not years, to become entirely operational again after a large-scale breach – and for some firms a full recovery may be bridge too far. UK businesses are currently unprepared for the seismic waves that can decimate an organisation caught unaware.”

A lack of senior managerial influence may be holding back the effectiveness of some businesses’ incident responses – just half of businesses involve their boards in cyber security planning.

“Effective cyber breach planning must involve stakeholders from across the business,” Erceg said. “This is no longer the purview of a few IT specialists. The shockwaves of cyber-attacks are too damaging and too prevalent for businesses to not make it one of the biggest risks they face.

“Companies need to shift from a reactive to proactive approach to avoid and manage a cyber-attack. We should all be considering when, not if, an attack will happen and protect ourselves from the risk.”

Director Of Finance

You Might Also Read:

CEOs Are Accountable For Cyber Attacks:

UK Cyber Chief: Company Directors Are Devolving Responsibility For Hacks:

 

« What is Machine Learning?
The AI Apocalypse »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Nimbusec

Nimbusec

Nimbusec scans your website around the clock and informs immediately if it has been hacked or manipulated

Aveshka

Aveshka

Aveshka is a professional services firm focused on addressing complex threats and challenges including Cybersecurity and Information Technology.

Prove & Run

Prove & Run

Prove & Run provides a patented software development toolchain that is specifically forged to deal with the complex security properties of sensitive software components.

Kymatio

Kymatio

Kymatio are pioneers in Artificial Intelligence applied to adaptive staff strengthening, cultural change and predictive internal risk analysis.

Cofrac

Cofrac

Cofrac is the national accreditation body for France. The directory of members provides details of organisations offering certification services for ISO 27001.

Ashley Page

Ashley Page

Ashley Page offer a unique cyber insurance and risk management solution - Cyber+Insure.

Cyber Science

Cyber Science

Cyber Science is the flagship conference of C-MRiC, focusing on pioneering research and innovation in Cyber Situational Awareness, Social Media, Cyber Security and Cyber Incident Response.

Quantum Generation

Quantum Generation

Quantum Cyber Security for a new age of communications. We are developing the largest decentralized orbital, and ground quantum mesh network based on blockchain technology.

SimSpace

SimSpace

SimSpace is the visionary yet practical platform for measuring how your security system responds under actual, sustained attack.

Allied Telesis

Allied Telesis

Allied Telesis delivers the secure, flexible, and agile solutions needed to meet the expectations of any industry’s critical mission.

StickmanCyber

StickmanCyber

At StickmanCyber we are on a mission to create a digital world that is safe for everyone - we are your trusted cybersecurity partner.

Extreme Networks

Extreme Networks

Since 1996, Extreme has been pushing the boundaries of networking technology, driven by a vision of making it simpler and faster as well as more agile and secure.

Eventus Security

Eventus Security

Eventus, are a team of highly skilled professionals who are committed to deliver excellence in next generation cyber security services and customized solutions for your enterprise.

ImagineX Consulting

ImagineX Consulting

ImagineX Consulting is a cybersecurity-focused boutique technology consultancy whose mission is to help our clients #BeBetter by reducing their corporate risk.

NoviFlow

NoviFlow

NoviFlow is a leading provider of terabit networking software solutions for Communication Service Providers (CSPs).

UltraViolet Cyber

UltraViolet Cyber

UltraViolet is an industry leading tech-enabled managed security services company.