Most executives around the world feel that their organizations aren’t learning enough from their past cyber mistakes, according to a new survey.
The survey, conducted by The Economist Intelligence Unit (EIU) and Willis Towers Watson, polled more than 450 companies globally about their strategies and challenges in building a cyber resilient organization. The survey found that most companies feel they’re doing well when it comes to incident response – but only 13% said they were above average in incorporating lessons from cyber incidents into their resilience strategies.
The survey found little consensus on cyber resilience planning, with boards and executives differing on where to allocate funds and what areas of their organization were most at risk.
Other key findings of the report include:
“It’s important for companies to understand that achieving cyber resiliency is a company-wide imperative, one that shouldn’t be sequestered to certain roles or functions,” said Anthony Dagostino, global head of cyber risk for Willis Towers Watson. “Boards should emphasize the need for a strategic framework, and the C-suite should set the tone within their organizations by empowering stakeholders, such as IT, risk, HR, legal and compliance, to drive an integrated risk management and resiliency strategy. While technology will remain a crucial defence, more than half of cyber incidents are attributable to employee behaviour and talent deficits in cyber roles, so investing in other areas such as human capital solutions and cyber insurance has to become part of regular board and C-suite conversations.”