How prepared are you when it comes to surviving and recovering from a cyber security incident?
The most recent benchmark study on Cyber Resilience by IBM Security and the Ponemon Institute reveals that 77 per cent of companies still do not yet have a cyber security incident response plan in place. Of the companies that do have one in place, more than half don’t test their plan on a regular basis.
An outdated plan is no plan at all
The fact that so many organizations are not actively maintaining their incident response plans has serious business implications at a time when bad actors are rapidly changing and becoming more crafty. An incident response plan that doesn’t “move with the times” is really a plan that will fail.
Times have changed
Cyber security is no longer merely a tech issue — a nuisance to be offloaded on IT. It’s a business problem too. This is especially true as more and more businesses transform digitally. The move to operating as a software business that happens to make cars, sell shoes or offer banking services means greater exposure to an increasing number and variety of cyber threats. It means a robust up-to-date incident response plan is not important but essential.
The time is now for companies to make a leap in mindset: from questioning if their business will suffer an attack to when they will be hit, and how they will respond when it happens.
The good news is that, when it comes to cyber security incident response, a little can accomplish a lot. Studies are showing that organizations that have even a basic plan and some training in place to detect and manage incidents actually cut the cost of breaches, including their recovery time, by at least half.
What you need to know…
Do you know where your company stands with its incident response readiness? Do you know what you need to do in order to get up to full speed? Are you clear on what’s expected from your company in terms of complying with regulations and legislation? If you don’t, consider registering for “What you need to know about managing cyber security incidents.” In this half-hour session, well-known Canadian CISO and cyber-security consultant Michael Ball and IT World Canada CIO Jim Love will cover a wide range of topics and questions, including:
- What is cyber security incident management?
- What are the new regulations and legislative requirements in Canada?
- Practical tips for detecting, containing and managing cyber security incidents
The session will be followed by a question period with Ball and Love. Attendees will receive a copy of the Business Guide to Cyber Security, and a checklist to allow them to evaluate their company’s readiness.