Survey: businesses struggle to recover from cyber attacks

Wednesday 22 February 2017

Global organisations are better prepared to predict and resist cyber attacks, but struggle to recover from them, according to a survey published by EY.

EY’s 19th annual Global Information Security Survey (GISS) has compiled data collected from 1,735 organizations and globally examines some of the most compelling cybersecurity issues facing businesses today.

The survey focused on the frequency of cybersecurity attacks, the top threats facing companies, how organizations planned to recover after breaches and other vulnerabilities and obstacles that remained in securing businesses and their customers from cyberattacks.

According to the annual EY GISS, global organisations are more confident than ever that they can predict and resist a sophisticated cyberattacks but are falling short of investments and plans to recover from a breach.

Leo Boessenkool, EY Channel Islands ITRA Senior Manager, said: “Across the Channel Islands we have seen an improvement at board level with senior management now far more aware of cyber security issues than before. However, this hasn’t necessarily transferred into taking action. 

“While organisations have come a long way in preparing for a cyber breach, as fast as they improve, cyber attackers come up with new ploys. Cybersecurity is a continuous process which is here to stay and unfortunately there is no silver bullet. Companies also need to recognise that this is the responsibility of the whole company, not just the IT department.” 

Pictured: Leo Boessenkool, EY Channel Islands ITRA Senior Manager.

Here's a breakdown of the results:

Cybersecurity incidents are on the rise.
When asked about recent significant cybersecurity incidents, 57% of respondents said they had an incident and nearly half (48%) cited outdated information security controls or architecture as their highest vulnerability.

In addition, respondents said all of their top cybersecurity threats, including malware, phishing, and cyberattacks to steal financial information or intellectual property or data, are on the rise.

Most companies are not adequately prepared to recover after a cybersecurity breach.

Overall, 42% of respondents do not have an agreed communications strategy or plan in place in the event of a significant attack.

The survey also found that 62% of global organisations said it was unlikely they would increase their cybersecurity spending after a breach that did not appear to do any harm to their operations.

In the event of an attack that definitely compromised data almost half of the respondents (48%) would not notify customers who had been impacted within the first week.

Preparation should be a top priority for companies wishing to secure themselves against cyberttacks.

Continuity and disaster recovery is at the heart of an organisation’s ability to react to an attack however only 57% of respondents listed it as their top priority, along with data leakage and data loss prevention.

Although 42% plan to spend more this year on data leakage and loss prevention, only 39% plan to spend more on business continuity and disaster recovery.

Mr Boessenkool said: “Our report shows organisations need to sharpen their senses and upgrade their resistance to attacks. They also need to think beyond just protection and security to ‘cyber resilience’ – an organisation-wide response that helps them prepare for and fully address these inevitable cybersecurity incidents."

“In the event of an attack they need to have a plan and be prepared to repair the damage quickly and get the organisation back on its feet. If not, they put their customers, employees, vendors and ultimately their own future at risk.”

Further vulnerabilities and obstacles remain to preventing cyberattacks.

This year’s survey also shows that respondents continue to cite the same key areas of concern for their cybersecurity, such as the increased risks from the actions of careless or unaware employees and unauthorized access to data

Meanwhile obstacles to their information security function are virtually unchanged from last year, including:

• Budget constraints (61% compared with 62% in 2015) 

• Lack of skilled resources (56% compared with 57% in 2015)

• Lack of executive awareness or support (32%, the same as in 2015)

You can read the full survey report here.