[BreachExchange] Nine in ten firms have been breached, but few worried about future incidents

Audrey McNeil audrey at riskbasedsecurity.com
Tue Sep 20 19:37:23 EDT 2016


http://business-reporter.co.uk/2016/09/20/nine-ten-firms-breached-worried-future-incidents/

More than nine in ten businesses have experienced some form of cyber breach
in the last five years, according to a new report.

A survey by Lloyd's has revealed that 92 per cent of firms have been
breached, but only 42 per cent are worried that another incident will
happen in future.

Despite this suggestion of complacency, cyber security is now an executive
responsibility, with 54 per cent of CEOs in European companies accountable
for it.

However, many businesses still underestimate the potential impact of a
cyber breach, with only 13 per cent believing they will lose trade in the
event of an attack.

“It is reassuring that responsibility for cyber risk is sitting at the most
senior level of businesses, but it is clear that too many firms do not
believe that the dangers of a breach will severely impact them,” said Inga
Beale, chief executive at Lloyd’s.

“I’m afraid we no longer live in a world where you can prevent breaches
taking place, instead it is about how you manage them and what measures you
have in place to protect your business and importantly, your customers. As
recent events have shown, hard-earned reputations can be lost in a flash if
you do not have the correct plans in place.”

Although 97 per cent of respondents had heard about the EU’s upcoming
General Data Protection Regulation (GDPR), only seven per cent said they
know a great deal about it, while 57 per cent said they know little or
nothing of the legislation.

Only 58 per cent were aware of the GDPR’s financial penalties – up to €20
million (£17 million) or four per cent of a company’s global turnover,
whichever is greater – and just 52 per cent thought a cyber attack could
affect their reputations.

When asked what the top internal threats that could lead to a data breach
were, physical loss of paper or non-electronic devices and malicious
insiders topped the poll at 42 per cent, and were closely followed by human
error and lost, stolen or discarded equipment, which were both cited by 41
per cent of respondents.

Externally, hacking for financial gain was the top threat at 51 per cent,
followed by politically-motivated hacking at 46 per cent and hacking by a
competitor at 41 per cent.

These all ranked ahead of phishing (39 per cent), ransomware (37 per cent)
and malware (32 per cent), despite the ever-increasing threat these pose to
businesses.

“I think what this shows is that the IT and security leaders inside big
businesses are acting as though they have already been defeated,” said
Matthew Ravden, CMO at Balabit.

“90 per cent have been hacked, and yet there is a shrug of the shoulders
when they are asked to consider future breaches. We have seen other stats
recently confirming that CISOs are extremely concerned about being breached
– particularly from malicious insiders – and yet this new stat shows that
most of them consider a breach an inevitability.

“In other words, they feel powerless to stop being breached…

“Breaches can be prevented, and it’s time big business started fighting to
protect users and their data, instead of preparing for the aftermath.”