“Incident Response Management: How European Enterprises are Planning to Prepare for a Cyber Security Breach” report
You can now download the study conducted by the consultancy company Pierre Audoin Consultants (PAC) and supported by Telefónica.
Suffering a major breach is a near-certainty. Research from a variety of sources shows that the average firm will suffer one major breach each year. The consequences of a major breach include loss of IP, availability, customer service, revenue and reputation. And the fines for data protection non-compliance are set to soar under the upcoming GDPR and NISD regulations, with mandatory breach reporting due to be introduced from 2017.
Responding to an incident quickly and effectively is a complex process, involving technical, communications and management staff. Enterprises are struggling to cope with Incident Response and the world is watching as they respond.
The analysis and consultancy company Pierre Audoin Consultants (PAC), supported by Telefónica, has conducted this study to investigate the extent to which firms are experiencing cyber breaches and, if so, how prepared organizations are for this eventuality. Are cyber breaches inevitable?
The study also explores how firms cope with the skills shortage, and whether they use technology and/or outsourced services to deliver Incident Response. Do firms seek to offset cyber breach risk through a combination of IR planning and Cyber Risk insurance?
The study questioned 200 decision makers in large companies in the UK, France and Germany, to understand their motivations and drivers with regard to Incident Response. It deals with the following questions:
- To what extent are firms being breached, and what is their broad approach to responding to such incidents?
- Do companies understand the importance of IR? Do they have a defined and tested IR plan?
- Are they adjusting their cyber security spend, or allocating new budget, in order to fund an IR programme?
- Do they test their IR regularly and update processes accordingly? Do they follow best practices?
- Do they use an IR management tool? Do they outsource IR capability? Are they aware of the impending NIS and GDPR regulatory changes?
- Is their technical IR plan integrated with business and communications contingency planning?