Research finds one in six businesses unprepared for a data breach

By Business & Finance
26 October 2018

Research conducted by BSI has revealed that one in six European organisations are unprepared for a data breach.

The research carried out for Cybersecurity Awareness month also highlighted that 39 per cent of organisations have experienced a data breach in the last 12 months. Three key areas were highlighted within the research:

Counteracting the cyber threat

Preparation is vital when it comes to counteracting the cyber threat and awareness training and ongoing testing are crucial steps for organisations.  While 73 per cent of organisations who responded to the BSI research said that they were concerned about cybersecurity and were seeking solutions, alarmingly one in six organisations highlighted that they had no plan in place. When asked if their organisation was undertaking cybersecurity testing, over a third stated that they weren’t, however, 59 per cent revealed that they were engaging in end-user security awareness programmes.

Rise in data breaches and cyberattacks

The research highlighted that data breaches have been experienced by 39 per cent of organisations. This is concerning, considering the global ISACA State of Cybersecurity 2018 Report* which revealed that 50 per cent have experienced an increase in the number of cyberattacks compared to last year.  Data processing is a focus area this year with the introduction of the GDPR, with 45 per cent of organisations stating that they had a good understanding of their data landscape since it was implemented on 25 May. 68 per cent of the respondents, with the increased knowledge in place, had conducted a high-level IT risk assessment in their organisation, with one in five having a documented and tested Incident Response Plan (IRP) in place.

Pitfalls in migration of data

Cloud migration and cloud security has continued to grow and evolve this year however there are pitfalls to be aware of as part of an organisations cloud migration journey. Shadow IT remains a key concern for businesses with 68 per cent of respondents stating data loss as the main threat, followed by unauthorised applications (15 per cent) and unauthorised devices (9 per cent) as well as data residency (8 per cent). 45 per cent of organisations have engaged with additional security controls based on the requirements of their cloud systems.

Commenting on the research, Stephen O’Boyle, Global Head of Cybersecurity and Information Resilience Services at BSI, said:

Training and education is essential when it comes to achieving information resilience and it’s reassuring to see that organisations are actively implementing awareness programmes in the workplace. However, being proactive about cybersecurity is a company’s best defence and it is unfortunate to see that one in six organisations are unprepared for a breach and that over a third of companies aren’t’ partaking in testing within their organisation.

“The increase in imminent malware threats, the importance of complying with new data protection regulations, the treatment of Shadow IT, and the advances in social engineering have been at the forefront this year. The cyber landscape is evolving, and organisations need to ensure that they are prepared so that they can remain resilient in protecting their information, people and reputation, both now and, in the future,” concluded O’Boyle.