Most Companies Admit They Don’t Have a Very Effective Security Response Plan

    Slide Show

    Five Ways a CFO Can Invest in Securing Their Organization

    Do you have a cybersecurity emergency plan in place? If you do, are you confident in your cybersecurity plan? If you answered both of these questions with a yes, pat yourself on the back for a job well done. And then volunteer some advice to your business peers because you are in the minority.

    According to a new study by the SANS Institute, sponsored by AccessData, AlienVault, Arbor Networks, Bit9 + Carbon Black, HP and McAfee/Intel Security, found that 90 percent of American businesses don’t have a very effective cybersecurity emergency plan. One of the top reasons why an effective plan isn’t in place is lack of time to do so and a lack of budget, at 62 percent and 60 percent, respectively.

    So, the companies that are already spending time and money on some sort of cybersecurity emergency plan don’t have one as good as they’d like. But these companies are also in the minority, as 43 percent don’t have any type of formal emergency response plan and 55 percent don’t have a response team. That could be a fatal mistake, especially considering that more than half claimed to have had at least one critical incident requiring a response over the past two years.

    And chances are it will only get worse. Trend Micro’s second quarter round-up report found that data breaches and other cyber threats dominated the Internet landscape in the first half of 2014, and the study warned that enterprise needs to do a much better job protecting company data. According to the Wall Street Journal:

    These incident attacks in the second quarter affecting consumer’s personal information included theft of data such as customer names, passwords, email addresses, home addresses, phone numbers, and dates of birth. These types of personal privacy breaches have affected organization’s sales and earnings while leaving customers unable to access accounts and dealing with service disruption. As a result many countries have begun developing stricter privacy and data collection policies to begin dealing with this problem.

    As Tom Kellermann, chief cybersecurity officer for Trend Micro, told eWeek, we can expect the threats to keep escalating, in part because criminals are taking their activities virtual. He went on to say:

    For too long corporations have viewed security as an expense rather than a functionality of conducting business online. Greater percentages of the IT budget must be dedicated to the safety of their customers online.

    It all comes down to budget, doesn’t it? But as many studies have shown, the vast majority of smaller companies shut down after a breach, and we’re seeing the push-back and ruined reputations of large companies that have had a miserable response to an attack. What company can afford that?

    Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom’s Guide. You can reach Sue via Twitter: @sueporemba

    Sue Poremba
    Sue Poremba
    Sue Poremba is freelance writer based on Central PA. She's been writing about cybersecurity and technology trends since 2008.

    Get the Free Newsletter!

    Subscribe to Daily Tech Insider for top news, trends, and analysis.

    Latest Articles