With the number of security breaches rising, and the number of companies being targeted across all industries rising as well, one might expect companies to anticipate this potential crisis and set up a plan of action in case disaster strikes.
Well, according to new figures by security firm NTT Com Security, not really.
The company took information from 24 security operations centres, seven R&D centres, 3.5 trillion logs and 6.2 billion attacks in 2015, and compiled it into a report entitled Global Threat Intelligence Report (GTIR). The report says that just 23 per cent of companies can effectively respond to a critical security incident. The rest, a stunning 77 per cent, are not properly prepared.
“Prevention and planning for cyber security incidents seems to be stagnating, according to the figures in both the GTIR and our recent Risk:Value report,” says Garry Sidaway, VP Security Strategy & Alliances, NTT Com Security.
“This is a real concern and could be down to a number of reasons, not least the possibility of security fatigue – too many high profile security breaches, information overload and conflicting advice – combined with the sheer pace of technology change, lack of investment and increased regulation.”
Financial services companies were leading the charge among disaster-ready companies, but have been overtaken by retail in the last year. Retail now accounts for 22 per cent of all response engagements, up from 12 per cent last year. The industry is a popular target, as it processes a lot of payment information.
“Facing security challenges that didn’t exist last year, let alone a decade ago, and struggling with a shortfall in information security professionals, many organisations no longer have the necessary skills or resources to cope,” Sidaway added. “Our mantra is prevention is better than cure and get the security basics right, including having a clear, well-communicated incident response plan.”