Research conducted by BSI, the business improvement company, has revealed that one-in-six European organisations are unprepared for a data breach. The research, which has been carried out by the Cyber Security and Information Resilience division of BSI for Cyber Security Awareness Month, also highlights that 39% of organisations have experienced a data breach in the last 12 months.
Three key areas have been highlighted within the research. These are as follows:
Counteracting the cyber threat
Preparation is vital when it comes to counteracting the cyber threat, and awareness training and ongoing testing are crucial for organisations. While 73% of the organisations that responded to BSI's research said that they were concerned about cyber security and seeking solutions, alarmingly one-in-six organisations highlighted that they had no plan in place. When asked if their organisation was undertaking cyber security testing, over a third stated that they weren't. However, 59% revealed that they were engaging in end user security awareness programmes.
Rise in data breaches and cyber attacks
The BSI research highlights that data breaches have been experienced by 39% of organisations. The global State of Cyber Security 2018 Report by ISACA also revealed that 50% have experienced an increase in the number of cyber attacks compared to last year.
Data processing has been a focus area this year with the introduction of the EU's General Data Protection Regulation, with 45% of organisations stating that they had a good understanding of their data landscape since the new legislation was implemented. Of the respondents with increased knowledge in place, 68% had conducted a high-level IT risk assessment within their organisation, with one-in-five having a documented and tested Incident Response Plan in place.
Pitfalls in migration of data
Cloud migration and cloud security have continued to grow and evolve this year. However, there are pitfalls to be aware of as part of an organisation's cloud migration journey. Shadow IT remains a key concern for businesses, with 68% of respondents stating data loss is the main threat, followed by unauthorised applications (15%) and unauthorised devices (9%) as well as data residency (8%). 45% of organisations have engaged with additional security controls based on the requirements of their cloud systems.
Training and education
Commenting on the research, Stephen O’Boyle, global head of cyber security and information resilience services at BSI, said: “Training and education is essential when it comes to achieving information resilience. It’s reassuring to see that organisations are actively implementing awareness programmes. However, being proactive about cyber security is a company’s best defence. It’s unfortunate to note that one-in-six organisations are unprepared for a breach and that over a third of companies are not partaking in cyber security testing within their organisation.”
O’Boyle continued: “The increase in imminent malware threats, the importance of complying with the GDPR, the treatment of Shadow IT and the advances in social engineering have been at the forefront this year. At BSI, we work with organisations to implement tailored plans that incorporate training at all levels of an organisation, from senior executives to junior employees, as well as offering cyber security testing services to identify and address any weaknesses. The cyber landscape is evolving and organisations need to ensure that they’re prepared such that they can remain resilient in protecting their information, people and reputation, both now and into the future.”
*BSI’s Cyber Security and Information Resilience Centre of Excellence provides a range of solutions to help organisations address their information challenges covering cyber security, information management and privacy, security awareness and compliance and testing. For more information visit bsigroup.com/cyber-uk