BSI Survey: “One-in-six businesses presently unprepared for data breach episodes”

Research conducted by BSI, the business improvement company, has revealed that one-in-six European organisations are unprepared for a data breach. The research, which has been carried out by the Cyber Security and Information Resilience division of BSI for Cyber Security Awareness Month, also highlights that 39% of organisations have experienced a data breach in the last 12 months.

Three key areas have been highlighted within the research. These are as follows:

Counteracting the cyber threat

Preparation is vital when it comes to counteracting the cyber threat, and awareness training and ongoing testing are crucial for organisations. While 73% of organisations that responded to the BSI’s research said that they were concerned about cyber security and seeking solutions, alarmingly one-in-six organisations highlighted that they had no plan in place. When asked if their organisation was undertaking cyber security testing, over a third stated that they weren’t. However, 59% revealed that they were engaging in end user security awareness programmes.

Rise in data breaches and cyber attacks

The BSI research highlights that data breaches have been experienced by 39% of organisations. The global State of Cyber Security 2018 Report by ISACA also revealed that 50% have experienced an increase in the number of cyber attacks compared to last year.

Data processing has been a focus area this year with the introduction of the EU’s General Data Protection Regulation, with 45% of organisations stating that they had a good understanding of their data landscape since the new legislation was implemented. 68% of the respondents with increased knowledge in place had conducted a high-level IT risk assessment within their organisation, with one-in-five having a documented and tested Incident Response Plan in place.

Pitfalls in migration of data

Cloud migration and cloud security have continued to grow and evolve this year. However, there are pitfalls to be aware of as part of an organisation’s cloud migration journey. Shadow IT remains a key concern for businesses, with 68% of respondents stating data loss is the main threat, followed by unauthorised applications (15%) and unauthorised devices (9%) as well as data residency (8%). 45% of organisations have engaged with additional security controls based on the requirements of their cloud systems.

Training and education

Commenting on the research, Stephen O’Boyle, global head of cyber security and information resilience services at BSI, said: “Training and education is essential when it comes to achieving information resilience. It’s reassuring to see that organisations are actively implementing awareness programmes. However, being proactive about cyber security is a company’s best defence. It’s unfortunate to note that one-in-six organisations are unprepared for a breach and that over a third of companies are not partaking in cyber security testing within their organisation.”

O’Boyle continued: “The increase in imminent malware threats, the importance of complying with the GDPR, the treatment of Shadow IT and the advances in social engineering have been at the forefront this year. At BSI, we work with organisations to implement tailored plans that incorporate training at all levels of an organisation, from senior executives to junior employees, as well as offering cyber security testing services to identify and address any weaknesses. The cyber landscape is evolving and organisations need to ensure that they’re prepared such that they can remain resilient in protecting their information, people and reputation, both now and into the future.”

*BSI’s Cyber Security and Information Resilience Centre of Excellence provides a range of solutions to help organisations address their information challenges covering cyber security, information management and privacy, security awareness and compliance and testing. For more information visit

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications)

Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.
