monsitj - Fotolia

UK firms in the dark around the impact of cyber attacks

UK firms have a long way to go in building the business resilience required to withstand cyber threats and other major disruptions, a study shows

While 99% of UK business leaders believe that making technology resilient to business disruptions is important, only 54% claim their organisation is as resilient as it needs to be, a study has revealed.

In recent years, the security industry has increasingly recognised the importance of focusing on resilience to ensure that when defences are breached, organisations are able to reduce the impact on the business.

A fifth of more than 1,000 UK business decision makers polled by security firm Tanium admitted they would not be able to calculate indirect costs from lost revenue and productivity following a cyber attack.

The Tanium resilience gap study also found that there are more barriers to achieving the resilience that 97% of respondents believe to be important, with 38% of respondents blaming their organisation’s growing complexity as one of the biggest barriers to building business resilience, while 21% blame siloed business units.

Asked about their team and tools, 35% of respondent said the issue lies with the hackers being more sophisticated than IT teams, 21% claim that they do not have the skills needed within the company to detect cyber breaches accurately in Real Time, and 27% said poor visibility of entry points is a barrier to resilience.

“The speed of digital transformation has led organisations to purchase multiple tools to solve IT security and operations challenges, which is leaving IT infrastructures vulnerable to threats,” said Matt Ellard, managing director for Europe at Tanium.

“Business resilience is fundamental to any strategy for long-term growth, yet the findings suggest that many UK businesses still have a long way to go,” he said.

Organisations need to build a strategy for business resilience, said Ellard. “That starts with ensuring they have real-time visibility of where threats exist across their network, most crucially at the endpoints. If you can’t pinpoint current vulnerabilities or the origin of a threat, you can’t expect to defend against them,” he added.

The study also revealed gaps in accountability and trust across organisations. One of the main reasons organisations are unable to achieve business resilience against disruptions such as cyber threats is due to growing confusion internally on where the responsibility for resilience lies.

More than a quarter (28%) believe it should be the responsibility of the CIO or head of IT, the same proportion said every employee should be responsible, while 13% said full responsibility lies with the CEO alone. One in 10 (11%) believe it falls to senior leadership.

“Businesses are becoming entirely dependent on their technology platforms,” said Ellard. “But if that technology stops running, the business will too, with potentially serious consequences for sales, customer confidence, and brand equity, not to mention productivity.

“To deliver resilience, a new discipline needs to be instilled across governments and enterprise organisations. This discipline is more than prevention. It’s more than recovery. It’s a shared practice that should unite IT, operations and security teams to ensure strong security fundamentals are embedded across the entire company network. Only then can organisations act and react in real time to threats.”

Read more about resilience

  • Hackers could exploit security vulnerabilities in fax machines to launch cyber attacks, researchers warn, underlining the need for cyber resilience.
  • Security needs to shift to resilience, says consultant.
  • Only a quarter always incorporate measures in their technology and operating models to make them more resilient to cyber attacks, a survey shows.
  • While black swan events are random and unexpected, businesses can still prepare for them, according to a resiliency consultant.
  • A new book from the World Economic Forum and McKinsey argues that cyber security, as currently practised, is a recipe for disaster.

Read more on IT risk management

Data Center
Data Management