Disaster Recovery Journal Winter 2024

Jump-Start Your Incident Response Program By NEIL K. JONES I n the past, it was generally believed that the latest and great est technological advancements (along with a lot of hard work and vigilance from companies like yours) could prevent nearly every cyberattack. In celebration of the recent Cybersecurity Awareness Month (each October), I’m shar ing the latest statistics from The Business Continuity Institute (BCI), which encour age companies with their heads in the vir tual sand to re-consider their older-school cybersecurity approaches: n In the BCI’s Cyber Resilience Report 2024, 75% of respondents reported a rise in attempted data breaches year-over year. n In the same report, 39.4% of respondents stated that their organizations had fallen victim to an actual cyberattack. n Finally, 61.3% of organizations of respondents confided that their organizations had suffered cyber incidents as a result of phishing or spear-phishing attacks, which are often precursors of ransomware attacks. Big picture, we no longer live in a world in which any company can cross its fingers and hope for cyber-attacks to pass it by. With Attacks Increasing, Do 100% of Organizations Have Incident Response Plans in Place? Those statistics led me to question, “If

companies had a cybersecurity response plan in place and tested the plan at least once a year. The remaining 37.3% of companies had plans in place but tested them less than annually or didn’t specify whether a testing schedule was in place. n For additional perspective, with yet another sample-set, I reviewed findings from the UK’s Cybersecurity Breaches Survey 2023. The survey found that 47% of medium-sized businesses and 64% of large-sized businesses had IR plans in place, along with 38% of high income charities. The bigger picture was unfortunately much bleaker: Only 21% of all surveyed businesses and 16% of all surveyed charities had IR plans in place.

attack volume continues to increase, are more organizations putting formal inci dent response programs into place?” With that in mind, I compared findings from a vendor report in 2022 – looking at cyber security trends for mid-sized organizations – with more recent resources. Here’s what I found: n According to the 2022 study of 400 mid-sized organizations (conducted by Wakefield Research), 64% of organizational contacts stated their companies had formal incident response plans in place. n Fast-forward to November 2023: A separate analysis by S&P Global (with a different sample-set) revealed 42.7% of

26 DISASTER RECOVERY JOURNAL | WINTER 2024