Research by insurance giant Lloyd’s of London has shown that even though a staggering 9 out of 10 businesses have been hacked once in the last 5 years, fewer than half of CEOs are concerned that they may be hacked again in the near future.
Wrong Attitude and Reactive Security.
One of the reasons for the apparent lack of concern among such a large proportion of CEOs, despite almost weekly news reports of high-profile hacks, can be seen in another alarming statistic. The Lloyd’s research showed that only 13% of businesses believe they would lose customers if they experienced a data breach. The thought ‘try telling that to TalkTalk’, which lost an estimated 101,000 customers (3% of its subscriber base) after a hack last October, comes to mind. With a less blasé and more realistic attitude, CEOs may be more inclined to take precautions that could prevent serious attacks.
Some of the feedback in the research also pointed to an unhealthy reliance on reactive security systems.
How You Manage A Breach Is Vitally Important.
Even though our businesses take a number of sensible and well-planned security measures, many technology and security commentators believe that because today’s hackers use advanced methods and are persistent, they tend to get into their target networks eventually. Many tech security commentators therefore take the opposite view to many CEOs and see security breaches as almost inevitable. It is now more a case of accepting that a breach is likely and focusing on what measures your business has in place to protect itself and its customers when a breach happens.
Many tech security commentators therefore now believe that this acceptance of the very realistic possibility of a hack / breach should be the healthy norm. This is one of the reasons why so many companies now have Disaster Recovery Plans in place.
Taking Too Long To Identify When A Breach Has Happened.
Another issue highlighted by the Lloyd’s research is the fact that businesses take too long to identify when a breach has actually taken place. This gives the hacker plenty of time to search the whole network for vulnerabilities.
GDPR A Motivator For A Change of Attitude.
Many security specialists believe that the introduction of the EU’s GDPR in 2018 will motivate CEOs to adopt a different, much more security-conscious attitude. If businesses are not prepared and vigilant enough to detect and report a crime within 72 hours, they could face a colossal (up to $20m) fine under GDPR.
What Does This Mean For Your Business?
It is important that CEOs realise that we now live in a time where cyber crime is a very real and ever-present threat, and any complacency could leave a business wide open. Cyber criminals use advanced and sophisticated methods, so businesses now need to use many different tools to stay one step ahead, including security intelligence and analytics, while investing in threat detection and response capabilities. Adequate steps should also be taken by all businesses to make sure that they are able to comply with GDPR when it is introduced in 2018.