Cyber-attacks have become a question of when they will occur, not if. Having a resilient cyber defence in place is essential, as it enables businesses to rapidly respond to and recover from cyber-attacks while suffering minimal damage.
What does the survey show?
The respondents indicate that they are quite cyber resilient within the areas of handling customer data and marketing/sales. Ninety percent of the respondents indicate that they are highly or to some degree cyber resilient within these two areas. For the other key areas shown in the graph, the percentage of businesses indicating that they are highly or to some degree resilient is between 83% and 88%.
There are differences, however. While 53% indicate that they are even highly resilient when it comes to handling customer data, the percentage is only 29% when it comes to new technology. Eight percent indicate that they are not cyber resilient at all when it comes to the use of close business partners/suppliers (with system integration).
Q: To what degree do you feel that your company is resistant to cyber attacks in the following areas...
Compared to other sectors, the businesses in the financial sector rate their own cyber resiliency lower in general. Once again, part of the explanation could be that the businesses in the financial sector are more aware of the cyber threat because of their maturity. They have been exposed to cyber threats for a long time due to the nature of the business and are thus more realistic about it all, including their own resiliency.
The FinTech (financial technology) companies aside, the financial sector has not been as adaptable and accommodating as regards digital transformation due to internal and external challenges. This might have made the financial sector feel less cyber resilient in terms of new technology.
The survey shows a high level of perceived cyber resiliency when it comes to handling customer data. This is a positive development that can possibly be attributed to the EU's General Data Protection Regulation (GDPR) combined with an increased focus on data privacy and general compliance with privacy regulations. It is promising to see that the increased focus on and awareness of privacy issues have also led to increased confidence in handling and protecting customer data. Seven percent of the businesses in the financial sector, however, indicate that they are not resilient at all when it comes to handling customer data.
The bigger picture
Understanding core business processes
Identifying and protecting core business data / processes is critical to ensuring that the business resiliency is maintained during a cyber-attack. This includes identifying the scope of what is deemed to be critical and having comprehensive fallback solutions, such as backups, that entail regular testing and validation. This will ensure that the core infrastructure, applications and data are made available to maintain core business operations.
Detect and Respond
Cyber-attacks are part of reality. Visibility of threats is paramount to ensuring that businesses have time to respond before the threat impacts the organisation. Developing incident response (IR) capabilities and a Security Operations Centre (SOC) is essential to proactively fighting potential cyber-attacks and to having access to subject-matter experts who can contain and remediate such attacks.