The Business Continuity Institute (BCI) has called for improved user education and cyber resilience after revealing that nearly two-thirds (64%) of global firms have experienced at least one cyber “disruption” in the past year.
The BCI’s latest Cyber Resilience Report is based on responses from 734 practitioners in 69 countries, and found that roughly one in six (15%) had experienced at least 10 disruptions over the 12-month period.
A BCI spokesman confirmed to Infosecurity that “disruption” refers in this case to “any cyber event that has a negative impact on the organization.”
Phishing and social engineering were the primary cause of more than half (57%) of disruptions, highlighting the urgent need for improved user education.
Those figures echo findings from this year’s Verizon Data Breach Investigations Report (DBIR), which revealed phishing was a part of 21% of attacks in 2016, up from only 8% the year previous.
Given that speed of response is critical when dealing with a live incident, it is disappointing that 67% said it takes their organization more than an hour to respond to an incident, and 16% said it can take more than four hours.
A third (33%) said that the ensuing disruption following an attack cost the firm more than €50,000 (£44K, $57K) while 13% experienced losses in excess of €250,000 (£222K, $284K).
One in five SME respondents (18%) reported cumulative losses of more than €50,000, a significant sum for smaller firms.
On the plus side, 87% of organizations polled reported having business continuity arrangements in place to respond to cyber incidents.
The WannaCry epidemic and this week’s ‘NotPetya’ attacks have shown just how fragile major organizations’ IT infrastructure is.
Big name firms including DLA Piper, Maersk, Merck, WPP and others have all been struck by the latest ransomware ‘worm’ to use NSA exploits and a host of other propagation and infection techniques.
David Thorp, executive director at the BCI, argued that IT silos need to be broken down if firms want to improve their resilience to such threats.
“Co-operation is key to building cyber and organizational resilience,” he added. “Different disciplines such as business continuity, information security and risk management need to come together, share intelligence and start speaking the same language if they want to build a safer future for their organizations and communities.”