But less than half of CEOs are concerned another hack will happen
Research by Lloyd’s of London has revealed that 92% of businesses have experienced a data breach in the last five years, yet CEOs are not concerned that this could be a sign of things to come, telling the insurance market they do not think they will be subject to another attack in the coming years.
However, this complacency is dangerous, Lloyd’s Chief Executive Inga Beale said, and it persists even though responsibility for attacks falls to senior decision makers.
"I’m afraid we no longer live in a world where you can prevent breaches taking place, instead it is about how you manage them and what measures you have in place to protect your business and importantly, your customers," she said. "As recent events have shown, hard-earned reputations can be lost in a flash if you do not have the correct plans in place."
LogRhythm agreed that businesses need to take notice of the stats and ensure they are safeguarding their networks and infrastructure against cybercrime.
"The bottom line is that today’s hackers are so advanced that they will eventually get into their target networks – which probably explains the high number of breached organisations," said Ross Brewer, VP & MD of international markets at LogRhythm. "Focus must now shift to what they are doing while on those networks and putting measures in place to stop them as soon as possible, as this is where the damage can be greatly limited."
Lloyd’s report added that only 13% of businesses think they would lose customers if they experienced a data breach, but this blasé attitude needs to change.
"The fact that so few businesses are concerned about a secondary breach could worryingly suggest that they are placing too much confidence in the reactive security systems that they deployed after the first," Brewer added.
The report also highlighted the role that the General Data Protection Regulation (GDPR) will play in helping companies realise the action they must take in order to protect their company against hacks. If companies are hacked and fail to report the extent of the crime within 72 hours, they will be fined up to $20m.
"With the GDPR coming into force in just a couple of years, there really is no room for complacency," Brewer commented. "A big problem today is that businesses are taking far too long to identify that they have been breached, which means hackers have time to roam the network and take what they want undetected.
"GDPR necessitates a deep understanding of all activity happening across their entire network, at all times. Businesses across Europe cannot be complacent and instead must take advantage of security intelligence and analytics, boosting their investment in full threat detection and response capabilities."