With phishing and social engineering maintaining their position as the top driver of cyber disruptions, there is a need for a stronger cyber resilience culture across organizations, and a focus on the human aspects of the threat. This is one of the key findings of the ‘Cyber Resilience Report’, published by the Business Continuity Institute, in collaboration with Sungard Availability Services (Sungard AS).
The report states that it is clear that business continuity plays a key role in responding to an incident, and ensuring that the organization is able to manage through any disruption and so prevent it from becoming a crisis.
The Cyber Resilience Report found that nearly two-thirds of respondents (64 percent) to the global survey had experienced at least one cyber disruption during the previous 12 months, while almost 1 in 6 (15 percent) had experienced at least 10. Of those who had experienced a cyber disruption, over half (57 percent) revealed that phishing or social engineering had been one of the causes, demonstrating the need for users to be better educated about the threat and the role they can play in helping to prevent an incident occurring.
The study also found that:
- A third of respondents (33 percent) suffered disruptions totalling more than €50,000, while more than 1 in 10 (13 percent) experienced losses in excess of €250,000.
- 1 in 6 respondents (16 percent) reported a single incident resulting in losses of more than €50,000.
- 1 in 5 respondents working for a small or medium sized enterprises (18 percent) reported cumulative losses of more than €50,000. These are significant losses considering 40 percent of SMEs involved in this study reported an annual turnover of less than €1 million.
- Phishing and social engineering are the top cause of cyber disruption, with over half of those who experienced a disruption (57 percent) citing this as a cause.
- 87 percent of respondents reported having business continuity arrangements in place to respond to cyber incidents, indicating that it is now widely accepted as playing a key role in helping to build cyber resilience.
- 67 percent of respondents stated that their organization takes over one hour to respond to a cyber incident, while 16 percent stated that it can take over four hours.
The number of respondents reporting top management commitment to implementing the right solutions to the cyber threat increased to 60 percent, and this is probably due to a number of factors such as the intense media coverage of cyber security incidents, and the impending European Union General Data Protection Regulation, which is due to come into force in less than a year and will have an impact on any organization that holds data on EU citizens.
Read the report (registration required).