Preparing for an incident—cyber and IT resilience
Resilience means being able to keep your business running after an incident occurs. The survey reveals which scenarios Irish businesses are actively preparing for that could unfold over the next 12 to 24 months. Global recession, commodity market volatility (including the gas, oil and grain markets) and a catastrophic cyber attack have been identified as the top three priorities for Irish senior executives when planning resilience strategies. Preparing robust IT and cyber resilience plans can help organisations reduce financial losses after an incident, meet regulatory reporting requirements and protect the business’ brand, reputation and digital trust.
The survey indicates that less than half of Irish respondents (44%) formally coordinate business continuity, disaster recovery, crisis management, incident response and threat intelligence processes (global: 52%). Moreover, just 42% of Irish organisations (global: 62%) develop a broad understanding of the cyber risks they face across the entire business and how to continue operations amid these risks. Many organisations still take a narrow view of incident response planning, preparing for individual risk scenarios instead of enterprise-wide resilience strategies.
69% of Irish senior executives are taking steps to anticipate incidents that may occur by embedding resilience capabilities within their business to withstand disruption (global: 53%). 31% of senior executives indicated that their business recovers reactively, invoking plans after an incident and focusing on recovery after failure or the incident. Pre-empting disruption enables businesses to respond as one team with defined responsibilities, contain the incident and recover quicker. Further, being proactive in detecting potential incidents can help prevent damage to an organisation’s well-earned trust in the first place, helping security teams eradicate the threat before it becomes embedded.
During an incident, cross-team communication and activities play a critical role in limiting the potential damage caused to the business. Results from the survey indicate that organisations which promote an integrated, agile operating model that can respond to a diverse set of disruptive events were in the minority (47%). That figure stood at just 39% among Irish respondents. Ensuring that IT and cybersecurity teams are prepared to handle any type of incident that may arise is vital.