The BCI has published its latest Cyber Resilience Report, sponsored by Daisy. The report examines the disruption levels and cyber resilience arrangements across organizations, as well as the reporting and role of senior executives in the development of cyber resilience strategies.
While this year’s report saw 74 percent of respondents note an increase in the number of cyber attacks within the past twelve months, it also found that most organizations registered the impact of those attacks as small to medium. As higher numbers of organizations are taking proactive steps to mitigate the impact of cyber incidents, this serves as evidence that it is resulting in reduced impacts on organizations.
Demonstrating this, some organizations are using dedicated tools to increase the chance of an early warning and a faster and more effective response. Indeed, when considering their most recent cyber incident, 39.9 percent of respondents were notified by a security information event management (SIEM) system, while 35.2 percent received an antivirus/end detection and response (EDR) alert. Using these methods means that the attack is often discovered before business impacts are recorded. However, 14.5 percent of organizations discovered a cyber attack was taking place as a result of a system outage, which obviously runs the risk of customer impacts and reputational damage while also forcing the organization into a more reactive, slower, response.
Developing a cyber incident response
87 percent of respondents say their organization has business continuity arrangements in place to deal with cyber incidents. The business continuity function can be a vital aide in a cyber attack and respondents highlighted that it ensures a faster recovery first and foremost, followed by also helping to mitigate financial losses. However, the report also finds that cyber risks can still be siloed within organizations. For example, an IT team may not adequately communicate with the business continuity team about potential cyber risks. Therefore, there needs to be greater collaboration between teams in the face of this threat. This can be developed with support from top management, but also by continuing to train and exercise certain scenarios across teams to develop relationships and an understanding of roles and responsibilities that will be crucial in a live incident.
The requirement of a collaborative effort is shown in other areas of the report. For example, while cyber security teams are the main department responsible for the cyber resilience strategy of an organization, 43 percent of respondents find that business continuity plays a significant role in creating cyber resilience.
Furthermore, in order to build this resilience, the report finds that complex threats, such as cyber attacks, require a multifaceted response. As such, respondents have been shown to support technical measures (one of the pillars of cyber resilience) with policies and alignment to best practices, industry regulations, and standards. However, it is vital these measures are validated to test their effectiveness. For this critical part of the process, 64.6 percent of organizations conduct exercises and 59.0 percent initiate penetration testing.
