Nine in ten firms have been breached, but few worried about future incidents
20 September 2016
More than nine in ten businesses have experienced some form of cyber breach in the last five years, according to a new report.
A survey by Lloyd's has revealed that 92 per cent of firms have been breached, but only 42 per cent are worried that another incident will happen in future.
Despite this suggestion of complacency, cyber security is now an executive responsibility, with 54 per cent of CEOs in European companies accountable for it.
However, many businesses still underestimate the potential impact of a cyber breach, with only 13 per cent believing they will lose trade in the event of an attack.
“It is reassuring that responsibility for cyber risk is sitting at the most senior level of businesses, but it is clear that too many firms do not believe that the dangers of a breach will severely impact them,” said Inga Beale, chief executive at Lloyd’s.
“I’m afraid we no longer live in a world where you can prevent breaches taking place, instead it is about how you manage them and what measures you have in place to protect your business and importantly, your customers. As recent events have shown, hard-earned reputations can be lost in a flash if you do not have the correct plans in place.”
Although 97 per cent of respondents had heard about the EU’s upcoming General Data Protection Regulation (GDPR), only seven per cent said they know a great deal about it, while 57 per cent said they know little or nothing of the legislation.
Only 58 per cent were aware of the GDPR’s financial penalties – up to €20 million (£17 million) or four per cent of a company’s global turnover, whichever is greater – and just 52 per cent thought a cyber attack could affect their reputations.
When asked what the top internal threats that could lead to a data breach were, physical loss of paper or non-electronic devices and malicious insiders topped the poll at 42 per cent, and were closely followed by human error and lost, stolen or discarded equipment, which were both cited by 41 per cent of respondents.
Externally, hacking for financial gain was the top threat at 51 per cent, followed by politically-motivated hacking at 46 per cent and hacking by a competitor at 41 per cent.
These all ranked ahead of phishing (39 per cent), ransomware (37 per cent) and malware (32 per cent), despite the ever-increasing threat these pose to businesses.
“I think what this shows is that the IT and security leaders inside big businesses are acting as though they have already been defeated,” said Matthew Ravden, CMO at Balabit.
“90 per cent have been hacked, and yet there is a shrug of the shoulders when they are asked to consider future breaches. We have seen other stats recently confirming that CISOs are extremely concerned about being breached – particularly from malicious insiders – and yet this new stat shows that most of them consider a breach an inevitability.
“In other words, they feel powerless to stop being breached…
“Breaches can be prevented, and it’s time big business started fighting to protect users and their data, instead of preparing for the aftermath.”
For more on the survey, see the Lloyd’s website.