63 per cent of UK companies have had a security breach within the last year

Audience polling revealed yesterday that 63 per cent of UK companies represented had had a security breach within the last year, and a further 19 per cent were unable to confirm.

At an industry conference in London yesterday, expert speakers addressed 135 information security industry leaders as part of discussions on how to build a robust incident response plan for use in the event of a cyber attack.

With cyber security such a key issue, and the likes of Ashley Madison and British Airways making headlines almost every day, the R3 Summit brought some strong lessons to the fore on combatting cyber attacks.

Eight key takeaways

  1. The speed of response is of the utmost importance in the first 48 hours. At the same time, avoid making instant yes/no decisions and think about the implications of each action.
  2. Use the word ‘incident’ rather than ‘breach’, to avoid panicking employees, until it’s certain there is a breach.
  3. The crisis management team needs to be able to work well under pressure – not just in drills but in the real thing. Turn up the air conditioning during drills to make them uncomfortable and simulate stress.
  4. To create an incident response plan, look at a wide range of issues, then industry-specific issues, and then threats specific to your company.
  5. Incident response plans need backup contacts who have had IR training, in case the first choice is unreachable.
  6. Think about how to humanise a breach, and the best way to communicate that with customers. Be careful to avoid contradicting yourself or putting yourself in a legally risky position. Plan what might be communicated to customers via social media channels after different kinds of incident.
  7. Have a designated spokesperson, trained in crisis comms, to speak for the company in case of an incident.
  8. Breach fines being discussed for new EU regulations will be between two and five per cent of global revenue. Data encryption or de-identification will reduce this. Mandatory breach reporting will come into effect.

R3 is part of a wider series of content from London-based Business Reporter, a publishing firm that distributes content via The Sunday Telegraph. The flagship event in this series, TEISS, will take place in February next year for the fourth time.

Attracting more than 300 industry leaders, TEISS is the only place in the UK where you can access this many senior-level peers from across various industries as well as receive a global perspective from our international speakers. For 2016, the event will focus on what the industry needs right now – education and culture as a solution to cyber security.

With thanks to our Advisory Board

Professor Tim Watson
Director, Cyber Security Centre
University of Warwick

Steve Wright
Chief Privacy Officer
Unilever

Vicki Gavin
Compliance Director
The Economist Group

Andrzej Kawalec
CTO
HP Enterprise Security Solutions

Paul Simmonds
CEO
Global Identity Foundation

Derek Brink
Vice President, Research Fellow
Aberdeen Group

About Business Reporter

Business Reporter (Lyonsdown) is the UK’s leading publisher of special interest reports. Distributed with major national newspapers, each of our publications reaches an average of 1.5 million people.

Our prestigious industry events bring business leaders together to connect, collaborate and share new ideas around cyber security, customer experience, and digital content management.

For more information contact

Ivan Ujvari
Marketing Director
i.ujvari@business-reporter.co.uk
0208 349 6493
