One in six businesses unprepared for data breach
18 October 2018
RESEARCH CONDUCTED by BSI has revealed that one in six European organizations are unprepared for a data breach.
The research carried out by the Cybersecurity and Information Resilience division of BSI for Cybersecurity Awareness month also highlighted that 39 per cent of organisations have experienced a data breach in the last 12 months. Three key areas were highlighted within the research were counteracting the cyber threat, rise in data breaches and pitfalls in migration of data.
BSI says that preparation is vital when it comes to counteracting the cyber threat and awareness training and ongoing testing is crucial for organizations. While 73 percent of organizations who responded to the BSI research said that they were concerned about cybersecurity and were seeking solutions, alarmingly one in six organizations highlighted that they had no plan in place. When asked if their organization was undertaking cybersecurity testing, over a third stated that they weren’t, however, 59 per cent revealed that they were engaging in end-user security awareness programmes.
The research highlighted that data breaches have been experienced by 39 percent of organizations. The global ISACA State of Cybersecurity 2018 Report* also revealed that 50 percent have experienced an increase in the number of cyberattacks compared to last year. Data processing has been a focus area this year with the introduction of the GDPR, with 45 percent of organizations stating that they had a good understanding of their data landscape since it was implemented on 25 May. 68 per cent of the respondents, with the increased knowledge in place, had conducted a high-level IT risk assessment in their organization, with one in five having a documented and tested Incident Response Plan (IRP) in place.
Cloud migration and cloud security has continued to grow and evolve this year however there are pitfalls to be aware of as part of an organisation’s cloud migration journey. Shadow IT** remains a key concern for businesses with 68 percent of respondents stating data loss is the main threat, followed by unauthorized applications (15 percent) and unauthorized devices (9 percent) as well as data residency (8 percent). 45 percent of organizations have engaged with additional security controls based on the requirements of their cloud systems.
Commenting on the research, BSI global head of cybersecurity and information resilience services Stephen O’Boyle said: “Training and education is essential when it comes to achieving information resilience and it’s reassuring to see that organisations are actively implementing awareness programmes in the workplace. However, being proactive about cybersecurity is a company’s best defence and it is unfortunate to see that one in six organizations are unprepared for a breach and that over a third of companies aren’t’ partaking in cybersecurity testing within their organisation.”
“The increase in imminent malware threats, the importance of complying with new data protection regulations, the treatment of Shadow IT, and the advances in social engineering have been at the forefront this year. At BSI, we work with organisations to implement tailored plans that incorporate training at all levels of an organization, from senior executives to junior employees, as well as cybersecurity testing services to identify and address any weaknesses. The cyber landscape is evolving, and organisations need to ensure that they are prepared so that they can remain resilient in protecting their information, people and reputation, both now and, in the future”.
BSI’s Cybersecurity and Information Resilience centre of excellence provides a range of solutions to help organizations address their information challenges covering cybersecurity, information management and privacy, security awareness, and compliance and testing. For more information visit bsigroup.com/cyber-uk