Member Article

Majority of companies not confident about ‘business as usual’ 24 hours after a cyber incident

The clock starts ticking immediately following a cybersecurity incident with the first 24 hours vital in terms of incident response. According to a new social media poll by NTT Security, the specialised security company and centre of excellence in security for NTT Group, the majority (59 per cent) of respondents admit they are not confident their company could resume ‘business as usual’ after the first 24 hours, although 41 per cent say they are.

Asked about their number one focus in the first 24 hours after a security incident, nearly two-thirds (64 per cent) of respondents say mitigating the threat is the main priority, while 36 per cent say it is about identifying the cause. David Gray, Senior Manager and Incident Response Practice Lead EMEA at NTT Security, believes that although there is much greater security awareness from top to bottom within organisations, there is a clear lack of preparation and planning when it comes to incidents, despite the potential impact.

“There is still an element of ‘head in the sand’, where organisations simply don’t think it is going to happen to them, despite everything we are seeing in the news. Our global Risk:Value report* last year backs this up, with less than half (49 per cent) of respondents admitting they have implemented an incident response plan. While most say they communicate their plans internally, it’s still only a minority who are fully aware of them. These figures have barely changed year on year and suggest that incident response planning is still not a priority.”

The poll, which was conducted over Twitter and generated around 5,500 responses, points to a lack of resources that many organisations are struggling with today as a possible explanation for this. Lack of skills in-house is what worries the majority of companies (59 per cent) when responding to a cybersecurity incident or breach, while 41 per cent worry about lack of budget.

David Gray adds: “The worry is that even if organisations do have an incident response plan in place they simply do not have the resources to execute it, losing valuable hours or even days identifying the right skills and setting up the necessary SLAs and contracts. This is precious time wasted. Even the most mature security teams are forced into a reactive stance when something happens. Those first 24 hours are crucial in minimising the impact and cost of an incident and protecting valuable data, so they need to make them count!”

This was posted in Bdaily's Members' News section by Amanda Hassall .