Eighty-nine percent of organizations do not evaluate the financial impact of every significant breach and, of those that have suffered a cyber incident in the last year, nearly half have no idea what the financial damage is or could be, according to research by EY.
The survey also shows that 52% of all boards think they are not fully knowledgeable about the risks the organization is taking or the measures in place.
Moreover, three in four say those responsible for information security do not have a seat on the board, so the board has to rely on reporting instead. Only 25% of reporting provides an overall threat level, and only 35% shows where improvements are needed in the organization’s information security.
“When it comes to immediately dealing with a cyberattack that has damaged the organization, there is nowhere today that the board can hide,” authors of the report say. “If any weaknesses or failures in the recovery plans become known, and the longer these problems continue, the worse the situation will get. Some organizations may physically recover from an attack, but their reputation and trust can be destroyed. The key is to communicate and lead the communications before the strength of the traditional news media and social media takes over. Too many organizations are still unprepared.”
Forty-two percent have no agreed-upon communications strategy in place in the event of a significant attack, according to the research. Thirty-nine percent say they would make a public statement to the media within seven days of a cyberattack, and seventy percent would even notify regulators and compliance organizations.
On the other hand, forty-six percent would not notify customers, even when customer data has been compromised, and fifty-six percent would not notify suppliers, even when supplier data has been compromised.
A 2016 Bitdefender survey of 250 IT decision makers in the United States in companies with more than 1,000 PCs shows that virtualization is a strategic priority, yet companies are still not fully ready for the security challenges this environment brings. Some 73% of IT decision makers fear the financial compensation the company might have to pay in the event of a security breach, while 66% even worry about losing their job.
Most companies have experienced a recent significant cybersecurity incident, proving that more work is needed to strengthen the corporate shield, as Business Insights noted.
The research was conducted between June and August 2016 and captures the responses of 1,735 C-suite leaders and Information Security and IT executives/managers, representing the largest global companies.