The reliance of most businesses on technology and data is undeniable. However, as this reliance increases, so too do the risks around cyber security.
Confidence in the face of increasing risk
According to the Mazars C-suite barometer 2021, based on responses from over 1,000 C-suite executives from 39 countries, most businesses are confident in their ability to manage cyber risks: over two thirds (68%) feel their data is ‘completely’ protected and a further 29% say their data is ‘partially’ protected.
- 54Over half of respondents believe the cyber security risk to their organisation has increased over the past 12 months.
- 35More than a third think a significant data breach in the next 12 months is likely.
- 68Over two-thirds are confident their data is completely protected. A further 29% say their data is partially protected.
A new cyber risk landscape
This confidence is encouraging, especially as these leaders also acknowledge the cyber security risks to their businesses have increased, and just over a third consider a significant data breach in the coming year likely.
Our C-suite research was conducted in late 2021, prior to the shocking invasion of Ukraine by Russian forces. We have seen devastation in many forms, and cyber attacks are part of the hostilities of this conflict. The crisis in Ukraine has elevated cyber risks across the globe, and we urge businesses of all sizes to assess and improve their cyber security measures based on the new risk landscape. Specific actions to be considered include:
1. Organise cyber risk management and resilience
- Increase awareness of phishing attacks and take measures such as warnings for email from outside of your organisation.
- Review your cyber risk landscape. Understand your cyber risks, threats and dependences
- Consider network segmentation-based internet connections and processes in relation to Ukrainian and Russian parties
- Assess your IT service providers regarding cyber risks. Understand the consequences of cyber risks in your supply chain
2. Monitor, detect and communicate
- Introduce stricter monitoring and detection of anomalies in web applications and networks
- Organise communication and information sources regarding new cyber risks and vulnerabilities
- Undertake frequent reporting to the responsible management about monitoring and detection
- Last, but not least, perform regular cyber security assessments and penetration tests on the internet-facing applications and internal network.
3. Prepare incident response
- Assess your cyber incident response procedures and be prepared for recovery following cyber incidents
- Assess your communication plans in case of a cyber incident. Be sure you have off-line lists of your contacts - including insurers, suppliers, external security specialists and legal/government agencies - and all the relevant procedures
- Make sure your backup procedure is working and keep backups off-line
- Backup not only data and software but also all data and assets necessary to recover your system, like configuration data. This also requires an actual insight in all IT related assets.
No matter how well protected a business is, it’s likely a cyber-attack will affect them at some point: having a recovery plan to minimise the disruption and impact on your business is vital.