The Business Continuity Institute (BCI) recently published its 2018 Cyber Resilience Report. In many ways this year’s report confirms the findings of the previous reports in 2016 and 2017:
- 66% of organisations experienced at least one “cyber security incident” in the last 12 months (64% in 2017);
- 11% of organisations experienced more than 20 incidents in the last 12 months (10% in 2017); and
- The impact of the majority of incidents was estimated at less than €50 000, but a very small number cost over €1m.
The figures on the response time to an incident were also consistent with previous years, with 38% estimating that they responded within an hour of detection and 79% within 3 hours. Taken at face value, this seems quite encouraging; however, for the first time, the 2018 survey also asked about the time taken to detect an incident. Only 28% of respondents estimated that they detected incidents within an hour, and 34% estimated that it took over 4 hours. Clearly, one cannot respond to an incident until it has been detected, so reducing detection times would appear to be the key challenge going forward.