More than 80% of business leaders feel “unprepared” for cyber incidents

More than 80% of business leaders do not feel fully prepared for the effects of a cyber attack, according to a new survey by the Economist Intelligence Unit.

Despite 77% of companies having faced a major cyber incident in the past two years, according to the survey of 360 senior business leaders in the U.S. and around the world, 38% of companies still have no plan in place for such events, according to CIOL's report.

The report, which surveyed 360 executives of whom 73% are C-level (ie holding titles such as CEO, CIO or CFO), referenced the data breaches affecting Target and Adobe last year, saying, “Data breaches and denial of service attacks are now so commonplace that only the biggest breaches make the headlines. Yet systems errors and outages are also a major threat. Whatever form it takes,the likelihood of a company experiencing an incident is more a question of when, not if.”

The report, sponsored by DDoS prevention specialist Arbor Networks, points out that in the previous year, the most common form of cyber incidents were accidental systems outages, which formed 29% of major cyber incidents, and the accidental loss of senstive data by employees, which formed 27%.

IT ProPortal reports that nearly three-quarters (73%) of companies feel at least partially prepared for an incident, according to the survey. Two-thirds of executives said that responding well to an incident could actually enhance a company’s relationship.

As a result of this, the report notes, 60% of companies now have an incident response team and plan in place - and that figure is expected to rise to 80% within “the next few years”, according to the executives surveyed.

Having such a formal plan in place had a “significant effect on the feeling of preparedness among executives,” the report noted. The researchers found that executives wished for a greater understanding of the threats they faced, which most felt would help with the areas they felt least confident about - detecting incidents rapidly (ie within 24 hours of occurrence), and predicting their likely impact.