In a survey of more than 500 senior leaders of UK businesses, including EY and JD Sports, around 85% of firms reported having been through a crisis in the past year. Cyber incidents came out top of the list for executives, with some 36% of leaders reported facing some sort of cyber-attack, according to the poll by consultancy firm FGS Global.
The CEOs polled warned there was still a lack of understanding around cybersecurity and cybercrime, heightened by the risks posed by AI.
“The consensus from our in-depth interviews is that crises are becoming more prevalent, but also more unpredictable,” Jenny Davey, partner at FGS Global, said.
“Today’s CEOs must be multi-dimensional, prioritising bold, fearless decision-making and a strong organisational culture to navigate these turbulent times.”
The report noted that over half of respondents cited ransomware attack as a crisis their business feared facing, but only 36% of companies felt they were “highly prepared” to deal with this type of incident.
How to be prepared?
Use these key actions from R & R Insurance to protect your business:
Know your data: understand the nature and the amount of data you have.
Create file back-ups, data back-ups and back-ups bandwidth abilities.
Train employees to recognize spear phishing. All employees should learn the importance of protecting the information they regularly handle to help reduce exposure to the business.
Do background checks on employees.
Limit administrative capabilities for systems and social footprint. The fewer employees with access to sensitive information, the better.
Ensure systems have appropriate firewall and antivirus technology.
Have data breach prevention tools, including intrusion detection. Ensure employees are actually monitoring the detection tools. It is important to not only try to prevent a breach, but to make sure that if a breach occurs, the company is aware as soon as possible. Time is of the essence.
Update security software patches in a timely manner.
Have a plan in place to manage a data breach. If a breach occurs, there should be a clear protocol outlining which employees are part of the incident response team and their roles and responsibilities.