Research carried out into the causes of, and responses to, the persistent threat of cyber attack has found some worrying trends in how companies respond to such incidents, including how quickly -- or more to the point slowly -- they take action after an incident has occurred. The Business Continuity Institute’s research is based on a survey of 369 business continuity professionals from across the globe.
Two thirds of respondents to the survey reported at least one cyber security incident over the last 12 months. The costs of these incidents varied greatly, with 73% reporting total costs over the year of less than €50,000, but 6% reporting annual costs of more than €500,000.
The BCI’s research found that there was a wide range of response times for cyber incidents. Almost a third of companies responded promptly, within one hour. However, a fifth take some four hours or more in responding to a cyber event and almost half take more than two hours to respond. This has clear implications for the time taken to return to business as usual and the ultimate cost of the incident for the company.
Even if companies wish to respond immediately to a cyber attack, the nature of the attack may render them unable to do so. The research found that phishing and social engineering was the top cause of cyber disruption, with over 60% of companies reporting being hit by such an incident over the past 12 months and 37% hit by spear phishing.
It also found that 45% of companies were hit by a malware attack and 24% by a denial of service. All of these forms of attack will, in different ways, render a company’s own network either contaminated or inoperable. Their website may have been taken down and they may well have to switch off their internet connection until they can secure themselves from further attack.
“Rapid communication with employees, customer and suppliers is vital for any company in terms of responding effectively to a major business disruption event such as a cyber attack,” commented Rickie Sehgal, chairman of Crises Control, which commissioned the research. “When your business is at risk, even a one hour delay in responding to an incident can be too long. Taking more than two hours to respond, as almost half of companies do, is just unacceptable.
Printed Copy:
Would you also like to receive CIR Magazine in print?
Data Use:
We will also send you our free daily email newsletters and other relevant communications, which you can opt out of at any time. Thank you.
YOU MIGHT ALSO LIKE