Firms Underrate The ‘Seismic Aftershock’ Of An Attack

Uploaded on 2017-08-24 in BUSINESS-Services-IT & Telecoms, FREE TO VIEW, NEWS-Cybersecurity News

UK businesses are overconfident in their cyber security planning and underestimate the damage of the “seismic aftershock” that occurs after a breach, according to a new report.

According to research by Lockton, half of UK firms expect to be fully operational within 48 hours of a cyber breach and only two per cent believe the effects will last longer than 10 days.

However, the recovery time for companies hit by large-scale cyber-attacks can actually be months or years, and the study also exposed holes in organisations’ response planning.

For example, 63 per cent of firms recognise reputational damage as a risk of a data breach, but only 26 per cent include their PR and communications chiefs in their incident response plans.

Meanwhile, while 72 per cent of firms know they can lose revenue and 69 per cent recognise that they can lose data, only 52 per cent of firms consider lost customers as a potential cost of a breach.

Just a third factor in the cost of a forensic investigation, only 36 per cent think about time spent reviewing policies and just 46 per cent consider the regulatory fines they might receive.

“The fact that so few businesses are aware of the aftershocks caused by a cyber-attack is concerning,” said Peter Erceg, senior vice president of global cyber and technology at Lockton.

“It can take several months, if not years, to become entirely operational again after a large-scale breach – and for some firms a full recovery may be bridge too far. UK businesses are currently unprepared for the seismic waves that can decimate an organisation caught unaware.”

A lack of senior managerial influence may be holding back the effectiveness of some businesses’ incident responses – just half of businesses involve their boards in cyber security planning.

“Effective cyber breach planning must involve stakeholders from across the business,” Erceg said. “This is no longer the purview of a few IT specialists. The shockwaves of cyber-attacks are too damaging and too prevalent for businesses to not make it one of the biggest risks they face.

“Companies need to shift from a reactive to proactive approach to avoid and manage a cyber-attack. We should all be considering when, not if, an attack will happen and protect ourselves from the risk.”

Director Of Finance

You Might Also Read:

CEOs Are Accountable For Cyber Attacks:

UK Cyber Chief: Company Directors Are Devolving Responsibility For Hacks:

 

« What is Machine Learning?
The AI Apocalypse »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

vArmour

vArmour

vArmour is the industry’s first distributed security system that provides insight and control for multi-cloud environments.

CERT-IS

CERT-IS

CERT-IS is the national Computer Emergency Response Team for Iceland.

Maticmind

Maticmind

Maticmind is an ICT System Integrator providing solutions and specialized skills in Networking, Security, Unified Communications & Collaboration, Datacenter & Cloud and Application.

Ogasec

Ogasec

Ogasec is a cybersecurity company formed by the merger between Aker and N-Stalker in 2017. Solutions include Security & Connectivity Networking, Application Security, and Managed Security Services.

Zen360Consult

Zen360Consult

Zen360Consult provides Advisory and Training services in the field of Cyber Resilience, which includes Cyber Security /ISMS and Business Continuity.

Wizlynx PTE LTD

Wizlynx PTE LTD

Wizlynx PTE LTD is the Singapore branch of Wizlynx Group located in Singapore, offering Information and Cyber Security Services throughout the entire Asia Pacific (APAC) region.

National Cybersecurity Competence Centre (NC3) - Czech Republic

National Cybersecurity Competence Centre (NC3) - Czech Republic

NC3 has been established in response to growing demands for practically applicable products and solutions for ensuring cybersecurity of critical and non-critical information infrastructures.

Wiser Market

Wiser Market

Wiser Market is a leading company in global online brand protection services, intellectual property protection, anti-Counterfeit & trademark infringements.

MajorKey Technologies

MajorKey Technologies

MajorKey improves security performance by reducing user friction and business risk, empowering your people, and protecting your IP.

Infoline Tec Group Berhad

Infoline Tec Group Berhad

Infoline Tec Group Berhad is principally involved in providing IT infrastructure solutions, cybersecurity service provider and solutions, managed IT and other IT services.

Bastazo

Bastazo

Bastazo provides tools for vulnerability and patch management. Focus your cybersecurity operations on vulnerabilities with the highest risk of exploitation.

Neeve

Neeve

Neeve is an edge cloud platform transforming smart buildings and spaces, making them more secure, smarter, and more sustainable.

DarkHorse Security

DarkHorse Security

DarkHorse exists to make it easy and affordable for organizations to be able to identify their cybersecurity vulnerabilities.

Aryon Security

Aryon Security

Aryon Security is redefining cloud security with the ability to enforce cloud strategy with confidence, enabling organizations to prevent risks before they emerge.

Lattica

Lattica

Lattica provides a cryptography solution for privacy-preserving interaction with AI services.

Cyber Command Pvt Ltd

Cyber Command Pvt Ltd

Cyber Command is your one-stop Cyber Security Service Provider, dedicated to delivering customized cybersecurity solutions that safeguard businesses from today's complex threat landscape.