Cybersecurity the top risk business faces today
In a world in which literally every organisation depends on digital, cyber resilience is the ticket to survival and growth, and cybercrime can cost a business everything.
It’s strange, then, that cyber risk and cyber resilience are still put on the back burner in discussions about corporate risk, strategy and opportunities.
The latest annual Ponemon Institute and IBM Cost of a Data Breach Report states the global average cost of data breaches reached an all-time high of $4.35 million this year – nearly 10% higher than last year.
For critical infrastructure organisations, the cost of a breach was around $4.82 million. Some 60% of the breached organisations had to raise the prices of their products and services as a result.
Organisations that were more cyber resilient fared better: those without Zero Trust frameworks in place had breach costs on average $1 million higher than those that had them.
Organisations with incident response teams and regularly tested incident response plans were able to save $2.66 million, on average.
At a time of soaring costs and supply chain challenges, few organisations can afford the losses, downtime and reputational damage a breach would cause.
Cyber resilience should be at the top of the board’s agenda, but in many cases, it is still seen as an IT imperative – until things go wrong, that is.
Ponemon Institute’s Cyber Resilient Organization Report 2020 noted that the most cyber resilient organisations outperform others by more than 30% in their ability to prevent, detect, contain and respond to cyber-attacks.
In 2021, the Institute found that cyber risk and ransomware attacks were getting worse, with 51% of respondents saying they had sustained a data breach over the last 12 months and 46% having had at least one ransomware attack over the past two years.
Of those that had fallen victim to a ransomware attack, 61% had paid the ransom, and in most of those cases, the attackers had demanded ransoms of over $1 million.
Despite the growing risks, only 23% rated their cyber resilience as a 9 or 10 on a scale of 1 to 10.
The first WEF Global Cybersecurity Outlook flagship report, released earlier this year, found that as many as 87% of executives are planning to improve cyber resilience at their organisations by strengthening resilience policies, processes and standards for how to engage and manage third parties.
However, the report reveals a mismatch between what executives thought and how cybersecurity and risk professionals saw their companies’ efforts to become cyber resilient.
While 92% of business executives surveyed agreed that cyber resilience was integrated into enterprise risk management strategies and 41% believed cyber resilience was a business priority, only 55% of security-focused leaders surveyed agreed that it was integrated into enterprise risk management and as few as 13% felt it was an established business priority.
With cyber risk so ubiquitous, boards should have cyber resilience as their top priority, and focus on resilience before they embark on other digital transformation initiatives.