The 2018 responsibilities of the board of directors and senior management on cybersecurity and cybercrime
The prevalence of information security threats
Some global organisations, including the UK Department of Trade and Industry and the Confederation of Danish Industries Data and Information Security Breaches Survey, have carried out several surveys to assess the state of cyber, data and information security across a representative sample of European organisations.
Based on these surveys, we have consolidated the data using weighted averages and have come to the following general conclusions:
- 60% of the organisations surveyed recognised that they possess highly confidential information that is crucial to their continued survival.
- 80% of the more significant organisations did not have a complete and thorough overview of their information assets. Smaller agencies have a better understanding of their information assets.
- 80% of all businesses store highly confidential records on computers.
- 75% would suffer substantial business disruption if these data were corrupted.
- 30% of European companies tested their disaster recovery plans.
- 70% of European enterprises had a cyber or security incident in the past year.
- The annual number of incidents is 10 for smaller companies and 20 for large companies.
Organisations were significantly more pessimistic about the future when it comes to cyber and information security breaches. A vast majority of them believe that cyber, IT and data infringement incidents will happen more often in future and be much harder to detect with current technology.
New technologies pose a specific security threat.
Almost 100% (97%) of European businesses have an internet connection. The advent of new technologies, the internet of things and an ecosystem of digital interconnectedness significantly increases an organisation's exposure to theft of its most valuable assets.
These assets include confidential customer data and vital information such as intellectual property and strategic blueprints. Preparedness in cyber and IT security is the first line of defence. Since only 7% of organisations claim to have a robust incident response program that includes a third-party law enforcement program and is integrated with their broader data, threat and vulnerability security system, this missing element now becomes a major GDPR compliance issue.
2018 priority for the board of directors
The emphasis for boards and senior management is to make sure that companies are prepared to address the critical infrastructure, enhance crisis response and map a strategy that emphasises the right balance of preventive and responsive controls.
The priority for the board of directors is to be able to efficiently guide the management in navigating the layers of cyber and IT security risks and threats:
- Appropriately set the risk appetite and assure that resources are available to take decisive action to handle any incidents.
- Accept that the risk of a cyber breach needs to be continually managed, with adequate preparation, including a business continuity plan, that enables the organisation to get back in business following an attack.
- Management must then confirm that there is a system and backup plan that facilitates data migration in a crisis, with a swift response to minimise exposure and reputational damage.