UK firms in the dark around the impact of cyber attacks

Source: Samigration, 19/11/2018

UK firms have a long way to go in building the business resilience
required to withstand cyber threats and other major disruptions, a
study shows
While 99% of UK business leaders believe that making technology
resilient to business disruptions is important, only 54% claim
their organisation is as resilient as it needs to be, a study has
revealed.
In recent years, the security industry has increasingly recognised
the importance of focusing on resilience to ensure that when
defences are breached, organisations are able to reduce the impact
on the business.
A fifth of more than 1,000 UK business decision makers polled by
security firm Tanium admitted they would not be able to calculate
indirect costs from lost revenue and productivity following a
cyber attack.
The Tanium resilience gap study also found that there are more
barriers to achieving the resilience that 97% of respondents
believe to be important, with 38% of respondents blaming their
organisation’s growing complexity as one of the biggest barriers
to building business resilience, while 21% blame siloed business
units.
Asked about their team and tools, 35% of respondent said the issue
lies with the hackers being more sophisticated than IT teams, 21%
claim that they do not have the skills needed within the company
to detect cyber breaches accurately in real time, and 27% said
poor visibility of entry points is a barrier to resilience.
“The speed of digital transformation has led organisations to
purchase multiple tools to solve IT security and operations
challenges, which is leaving IT infrastructures vulnerable to
threats,” said Matt Ellard, managing director for Europe at
Tanium.
“Business resilience is fundamental to any strategy for long-term
growth, yet the findings suggest that many UK businesses still
have a long way to go,” he said.
Organisations need to build a strategy for business resilience,
said Ellard. “That starts with ensuring they have real-time
visibility of where threats exist across their network, most
crucially at the endpoints. If you can’t pinpoint current
vulnerabilities or the origin of a threat, you can’t expect to
defend against them,” he added.
The study also revealed gaps in accountability and trust across
organisations. One of the main reasons organisations are unable to
achieve business resilience against disruptions such as cyber
threats is due to growing confusion internally on where the
responsibility for resilience lies.
More than a quarter (28%) believe it should be the responsibility
of the CIO or head of IT, the same proportion said every employee
should be responsible, while 13% said full responsibility lies
with the CEO alone. One in 10 (11%) believe it falls to senior
leadership.
“Businesses are becoming entirely dependent on their technology
platforms,” said Ellard. “But if that technology stops running,
the business will too, with potentially serious consequences for
sales, customer confidence, and brand equity, not to mention
productivity.
“To deliver resilience, a new discipline needs to be instilled
across governments and enterprise organisations. This discipline
is more than prevention. It’s more than recovery. It’s a shared
practice that should unite IT, operations and security teams to
ensure strong security fundamentals are embedded across the entire
company network. Only then can organisations act and react in real
time to threats.”