Digital Transformation

Businesses ‘are overconfident about their resilience to cyber threats’

Companies may be too blase about their security risks.

Deloitte has suggested that businesses may need to take more care to ensure they do not fall victim to cyber security breaches.

The firm carried out a study and found that 88 per cent of firms in the technology, media and telecommunications industries do not think they would be vulnerable to a threat such as hacking, despite the issue becoming much more commonplace.

Although 68 per cent of respondents insisted they knew their risks and 62 per cent had some sort of procedure in place to address them, 59 per cent had actually experienced a security breach.

Deloitte warned that breaches such as hacking should be treated as inevitable, rather than as something that will never happen.

They also recommended investing time in response planning – currently, only half of the businesses surveyed have disaster recovery strategies in place.

"Companies need to have a documented response plan in place so they can react when breaches occur. Unfortunately, not enough are doing this so we think companies are being overconfident in their resilience," said Deloitte’s James Alexander.

"Cyber attacks are now so sophisticated and commonplace that it is impossible to be fully protected," he added.

It comes after a group of experts including Gartner’s Aman Munglani told Electric Light and Power magazine that a good data disaster recovery plan is as vital as insurance for businesses who want to be able to carry on in the event of an emergency.

In terms of where threats will come from, 70 per cent of survey respondents told Deloitte they think mistakes made by employees lacking in security awareness will be a top source.

However, only 48 per cent said they offered training to help spread awareness of dangers that could come as a result of lost memory sticks and other issues.

Deloitte recommended working with third party experts to help understand and improve security practices and reduce the likelihood of a data breach.