[BreachExchange] 44% of UK business leaders expect to face rising security threats – but 43% have no crisis response plan

Audrey McNeil audrey at riskbasedsecurity.com
Thu Aug 3 19:10:34 EDT 2017


http://hrnews.co.uk/44-uk-business-leaders-expect-face-rising-security-threats-43-no-crisis-response-plan/

HR Managers know only too well that good managers prepare and plan for the
unexpected.  However, it seems the small to medium businesses they work for
ARE expecting a security crisis, but are woefully unprepared.

UK employers are aware that security threats are rising, with 44% of them
expecting to face some form of attack in the near future. This is the key
finding of research commissioned by Arthur J. Gallagher, focused on
evaluating business resilience, which identifies a perception gap between
the level of preparedness of UK business and the growth in security threats.

43% of the 1000+ business leaders surveyed by YouGov admitted to having no
contingency plans for a crisis or not knowing what those plans were.
Furthermore, only 30% have insurance in place that would respond to a
security crisis — such as terrorism, cyber extortion, sabotage, product
tamper or emergency repatriation — with a further 40% not knowing if they
have insurance cover or not.

The research also highlighted a very clear gap in perception between the
threats employers face and their level of preparedness. More than two
thirds (68%) of employers questioned believe they are resilient and
well-equipped to deal with a security crisis despite their planning and
insurance protection levels showing otherwise.

There is, however, a widespread understanding that threat levels are
growing, with one in five (19%) UK small and medium businesses having faced
an external security threat in the past two years while more than double
that number (44%) believes they could face a threat in the coming 12 to 18
months. More than a quarter (27%) of those asked say they specifically
expect to suffer cyber extortion in the near future*.

The Gallagher report, Understanding security risks: how SMEs can build a
culture of resilience, released today and available here, looks at the
understanding of UK SMEs about today’s fast-evolving security threats,
their preparedness for the risks they face and the measures in place to
help them anticipate, prevent, respond and recover in the event of a
crisis. It is Gallagher’s second business resilience report, following the
first — published last month — which focused on the preparedness of large
UK companies to respond to security threats.

When comparing responses between SME leaders and those of larger companies,
Gallagher’s research clearly showed that many SMEs feel they are too small
to be targeted, with only 17% having tried to assess their exposure. But
the nature and effect of today’s low frequency high impact security threats
— such as terrorism and cyber extortion — is often non-targeted. Large
security cordons, for example, prevent access to premises, while mass
ransomware attacks mean smaller firms are often more vulnerable than large
organisations.

Identifying this perception gap shows there is an important role for
brokers to play in helping small and mid-sized firms better understand the
nature of today’s security threats, their vulnerability to them and the
steps that can be taken to mitigate those risks over and above the
arrangement of insurance.

Paul Bassett, Managing Director of Gallagher’s Crisis Management practice,
said:

“It is vital for SMEs to build a culture of crisis resilience. Their
growing awareness of an overall increase in security threats needs to be
matched by actions that will help them mitigate and manage their own
vulnerability to those risks. Our research shows education is key; clearly,
there is a disconnect between the current level of planning by SMEs and how
resilient they believe themselves to be, creating a false sense of security.

“Many evidently feel they are too small to be targeted but today’s
fast-evolving security threats are often not targeted at any particular
company or industry. Exposure to the risk of non-damage business
interruption – where no physical loss has been suffered but you aren’t able
to trade – is a particular area of concern. That could be experienced
because of proximity to a terrorist incident or an indiscriminate cyber
extortion attack, for example.”

Justin Priestley, Executive Director of Crisis Management at Gallagher,
added:

“It’s impossible to insure against every eventuality, but brokers have an
opportunity to demonstrate their value by taking a consultative approach
and working with SMEs on a more in-depth risk assessment and analysis. This
will allow clients to make informed decisions about the steps they can and
should take to become more crisis resilient.

“The provision of new solutions, that respond to a wide range of security
threats but at a cost-effective price point, will also help to ensure
smaller businesses, in particular, are in a better position to anticipate,
prevent, respond, and recover if hit by the unexpected. After all, a
£50,000 cyber extortion demand or week of business closure is much more
likely to threaten the survival of an SME than a large firm.”