Around two-thirds of senior business leaders feel that the right response can enhance corporate reputation, while 11 per cent disagree.
According to the Economist Intelligence Unit research on cyber incident response, while three-quarters of companies have suffered a data-related incident in the last two years, 67 per cent are prepared with a response plan. More than 80 per cent are expected to have something in place in the next three years.
James Chambers, editor of the report, said: “Even though businesses have less control and knowledge over increasingly sophisticated and frequent cyber-attacks, one thing they can control is their response. It is encouraging that executives recognise an opportunity to add to their reputation, but to achieve this, preparations need to evolve beyond a closed-door, purely defensive, response.”
Commenting, Barry Shteiman, director of security strategy at Imperva, said: “A security strategy of an organisation should assume that the organisation can and may already have intruders in their environment, either in the compromised or the malicious form.
“By realising that keeping intruders out is close to impossible, companies can change their mindset and realise that when an intruder is inside, they are after their online assets. Protecting those assets on file servers, databases by maintaining proper access control and audit can help prevent a breach, but is also crucial in understanding a breach once it has already happened, by enabling an audit trail.”
Shteiman recommended that a chief marketing officer of a company should be ready for the day that the organisation is breached, and have a proper response policy and procedure in place. “It is crucial however to demonstrate, both for security and for reputation, that the organisation maintains data control and audit at all times and that there is a way to trace back an incident and scope it,” he said.
“A response along the lines of ‘we know that we have been hit, but can’t estimate the magnitude yet’ may prove problematic for the brand itself.”
The report also said that the level of preparedness is being held back by a lack of understanding about threats, as 73 per cent of companies feel that they are at least “somewhat prepared” for an incident.