In previous blogs, we have talked about how companies can mitigate cyber risk by taking basic security precautions and communicating effectively with their own people about the importance of following protocol.
A recent paper from Accenture’s Strategy Group entitled “Business resilience in the face of cyber risk” identified some gaps in companies’ efforts to mitigate the risks of cyber-attacks. Nearly two-thirds of the almost 900 executives surveyed in connection with the paper said that their companies experience significant cyberattacks daily or weekly; however, only 25 percent of them said their organization always incorporates measures into the design of their company’s technology and operating models to make them more resilient.
While 88 percent of the executives surveyed believe their cyber defense strategy is robust, understood by the organization, and fully functional, only nine percent of executives said their company proactively runs inward-directed attacks and conducts intentional failures to test their systems on a continuous basis.
About half (53 percent) of those surveyed said their company has a continuity plan that they refresh as needed. Just 49 percent map and prioritize security, operational and failure scenarios, and even fewer (45 percent) have produced threat models for existing and planned business operations to enable rapid responses to an attack or system failure. Only 38 percent of the executives said their companies had thoroughly documented the relationships between their technology and operational assets to identify resilience risks and dependencies in their organization.
Cyber insurance is expensive, and most policies call upon companies to undertake effective security measures. In our next blog we will look at some additional steps that companies can take to reduce the risk of cyber-attack.