Building Resilience Post a Cyber Incident
Warren Buffett once said, “It takes 20 years to build a reputation and five minutes to ruin it.” Rarely can the ‘sage of Omaha’ be disputed, but on his point around timing, five minutes is a very long time in today’s real-time world when you’re dealing with a cyber-attack.
Globalisation, investor activism, regulatory change, political and cyber risk are all contributing to increased business vulnerability which is amplifying the need for companies to carefully consider their ability to respond effectively. These mounting risks coupled with the always-on nature of the news cycle mean that companies face round-the-clock scrutiny.
Cyber risk is no longer just a technical issue. Prevention and response need to be comprehensively embedded in people and systems. For it is how an organisation responds to an incident that often gets as much attention as the incident itself. If handled poorly, a crisis can cause deep and long-lasting damage to a company’s reputation. If handled well, it is an opportunity for a company to show its mettle to its stakeholders.
Today, cyber threat tops most corporate agendas. Research conducted as part of FTI Consulting’s 2020 Resilience Barometer amongst 2000 companies operating across the G20 countries at the beginning of the year show that a cyber breach is the top concern for boards and management teams.
At least one in four G20 organisations has experienced a cyber attack where assets were stolen or compromised in the last 12 months. Worryingly in this region, that figure rises to one third with the most common breach a phishing attack, followed by a loss of customer or patent data and loss of third-party information