Businesses still need to do more planning against cyber-attacks

A new report has highlighted the prevalence of cyber-attacks against businesses, with incidents being a daily occurrence for some organisations.

The paper from Accenture (entitled "Business resilience in the face of cyber risk") questioned some 960 C-level executives, and 63 per cent of them indicated that their company was hit by "significant cyber-attacks" on a daily or weekly basis.

The vast majority of the executives, however, believed that their firm's cyber-defence measures were robust enough to cope, with 88 per cent saying this was the case.

86 per cent of respondents also said that they measured their company's resilience and strength of defences in order to gauge what improvements could be made.

That said, only a quarter of the execs stated that their company always incorporates defensive measures to increase resilience when it comes to designing new technology and operating models.

And also on the gloomier side of the cyber-defence picture, only nine per cent of respondents said their organisation uses self-diagnosis and inward-directed attacks to test their systems continuously.

Only half of execs (49 per cent) map out security and operational failure scenarios, and only 45 per cent of firms produce threat models to help facilitate a rapid response to any attack.

Brian Walker, managing director, Accenture Technology Strategy, commented: “Given the prevalence of cyber-attacks on today’s companies and government organisations, the only question for most is when a cyber-attack will occur, not if it will occur.

“While savvy executives know where their weak spots are, and work across the C-suite to prepare accordingly, testing systems, planning for various scenarios, and producing response and continuity plans that guide quick actions when a breach occurs, the data clearly shows that companies by and large have more work to do.”

Walker added: “To enable and protect the company, CEOs should work closely with their CIO, CISO and others across their leadership team as well as their board of directors, to make decisions about investments, and advance their business continuity efforts. They cannot prevent an attack or failure, but they can mitigate the damage it can cause by taking steps to make their business more resilient, agile and fault-tolerant.”