It’s great to see that businesses are putting in a financial provision should they suffer a cybersecurity breach. However, they must also keep their focus on preventative measures. It’s an old saying, but it still applies: prevention is better than cure. It is true that cybersecurity threats are becoming more prevalent and sophisticated. Indeed, around two-thirds of those polled in our Risk:Value 2016 report fully expect to fall victim to a breach.
However, adjacent research (our Global Threat Intelligence Report) evidenced that attacks do not need to be sophisticated to succeed. Around three-quarters of the vulnerabilities we identified from our data were known for two or more years. Those findings indicate that getting the basics right, including regular updates and patching, could have a huge impact on a business’s cybersecurity risk.
It is encouraging that businesses are recognising the criticality of cybersecurity and the potential financial impacts should the worst happen. However, being reactive is not enough, and there must be a balanced approach to risk. Getting the basics right should form an essential part of a well-rounded strategy, and this should be underpinned by a robust incident response plan so that action can be taken swiftly to close vulnerabilities, minimise losses, and limit the impact on customers.
Formulating an appropriate strategy relies on understanding the level of risk a business is prepared to accept. Gaining visibility into the current risk exposure and mapping that against best practice allows organisations to become fully aware of their risks and manage them accordingly.
The right level of investment relies on understanding the issues; building a plan; and allocating the right resources to address the gaps in order of priority.
Recognising that breaches may happen is important, along with making sensible financial provisions. This also needs to be matched with a focus on more proactive measures, both in planning and execution. A robust and well-communicated approach to cybersecurity will help manage business risks and allow prompt action should a breach occur.
High-profile attacks in 2015 mean that companies all understand the danger of poor security. But the report indicates that not enough is being done by organisations to protect themselves. Only half of respondents have a security policy in place. 25% of companies are certain that they will suffer a breach. Three quarters of people don’t believe that all their business data is secure. A security breach will cost almost $1m on average, and far more for larger companies.