New research has indicated 65% of organisations have extreme concern or concern about a cyber attack during 2013.
The research, conducted jointly by the Business Continuity Institute (BCI) and British Standards Institute (BSI), was published today as the “The Horizon Scan 2013 Survey Report”. The survey of 730 businesses in 62 countries includes a wide range of interesting detail about how organisations are responding to the threat of cyber-attack.
Key highlights from the survey suggest that:
- Businesses are continuing to invest in resilience and business continuity planning and preparedness with 22% confirming they will be increasing investment in such preparedness, and a further 54% stating they would maintain the current level of investment.
- Data breaches (66%) and cyber attack (65%) were amongst the top threats identified amongst the trends that are shaping how businesses are responding to the threat landscape.
- Security concerns related to theft, vandalism and fraud were also seen as significant areas for 2013 in terms of threats to business continuity and the security landscape.
Whilst financial services, ICT companies and public sector organisations all perceived the greatest level of threats to be from unplanned IT and telecom outages, data breaches and cyber attacks, the levels of preparedness varied significantly amongst different market sectors. The most significant growth in investment in securing the business was in the ICT services sector where 28% of firms confirmed a rise in their budget for business continuity activities, compared to only 11% within the public sector.
Perhaps unsurprisingly, given the current state of the economy and budgets, the UK based respondents to the research lead the table in maintaining their budgets at previous or lower levels – only 14% expect to increase their investment in ensuring business continuity over the course of 2013.
Howard Kerr, Chief Executive of the BSI, comments “This latest report shows that businesses need to be more prepared than ever for every type of risk. Through careful management you can mitigate risk, increase recovery speeds and fulfil your regulatory and statutory obligations – helping you minimise the potential impact on your corporate reputation.
“Developing your cyber resilience must be an integral part of an organisation’s wider business resilience strategy. Those that fail to act are at risk of sleep walking towards a reputational time bomb. By putting in place a framework based on risk standards, you will be able to identify, prioritise and manage threats more effectively”
Andrew Frowen, Managing Director of IntaForensics stated “Organisations can ensure that they are prepared to investigate the source and impact of security breaches and incidents through developing a robust approach to forensic readiness as part of their overall security incident response. This is vital for some organisations – for example those seeking Impact Level 2 or 3 accreditation to provide services in to the G-Cloud
“We often work with clients investigating security incidents, trying to identify what happened, when and by whom. This can involve painstaking investigation of large amounts of network data, logs, individual machines and files. Nothing will replace the depth of such an investigation, but organisations can certainly save costs and ensure key data is available for analysis if they develop a robust forensic readiness plan.”
IntaForensics offer a forensic readiness planning service, conducted by an experienced team of consultants. The costs are economic, and the investment may well save both money and your corporate reputation.