To be more cyber resilient, organisations need not only the ability to assess cyber risk and a protection plan; they must also be able to quickly – and successfully – recover and respond in the event of a cyber incident.
And according to a global insurance brokerage, the journey toward cyber resilience should start with an organisation's most influential members – its board of directors.
The statement comes after a study by the Economist Intelligence Unit revealed that while all organisations believed their cyber-resilience abilities were above average, they were slightly less confident in key areas, including applying lessons learned from past incidents, the ability to build a cyber-savvy workforce, and identifying and filling gaps in cyber talent.
“Given the board is responsible for governance and oversight of risks that affect the entire enterprise, the development of a strategic framework should fall under their purview,” WTW said. “While board members may not be cyber experts, it’s their knowledge, expertise, and general understanding of risk management, coupled with their stewardship and governance that are more essential for leading a cyber-resilient organization. The technical aspects are important, and should be discussed with the board, early and often, so they understand the risks the organization might face, and can develop a strategy to help protect against them.”
The WTW-backed study also found that when it comes to applying lessons learned from past incidents, only 13% rated themselves as well above average and a quarter said they were below average – a poor outcome considering that one-third of respondents experienced a cyberattack within the last year, which resulted in disrupted business operations, impaired financials, and damaged reputations. A majority of those respondents believed it was highly likely that another incident would occur.
In addition to more familiar risk assessments, addressing the human element of cyber risk should also form a big part of an organisation's strategy, WTW said, citing last year's Cyber Risk Survey report. That report confirmed that a company's workforce remains the biggest threat to cyber security, with two-thirds of cyber breaches involving employee negligence or malfeasance.
“Organizations can drive a cyber-savvy workforce by uncovering vulnerabilities in the culture, educating employees on cyber threats and risks, and establishing ongoing innovative training programs and implementing sound cyber-related HR policies,” WTW said. “Additionally, being proactive in designing and executing a plan to address the cybersecurity war for talent ensures that the organization is prepared to respond quickly in the event of an incident.”