The Business Continuity Institute (BCI) has released its latest Cyber Resilience Report. It found that more organisations are seeing more cyber attacks, compared with the previous such report, published in November 2021. Some sectors (such as healthcare) are being targeted more than others.
The report is downloadable, based on a survey of 303 replying from 61 countries, 44pc from Europe; from a BC, info-security, IT or cyber background. The BCI then did interviews with eight of those, and anonymised what they said and included some comments in the report.
Some organisations reported that they found a cyber attack was happening to them as a result of a system outage, or from social media or a customer informing them – which as survey organisers point out, runs the risk of more of an impact on customers, and damage to reputation.
While the traditional methods of phishing and spear phishing remain the most frequent form of cyber attack – organisations reporting a successful phishing attack rose from 65.7 per cent to 72.4pc this year – most, 74pc of respondents consider a ransomware attack to be within the top threats to their organisation over the next five years.
Comment
Rachael Elliott, Head of Thought Leadership at the BCI, ran through the study in a webinar this morning alongside Paul McLatchie, from the report sponsors Daisy; and Martin Brown, head of business continuity and resilience for the regulator Ofgem, and Andrew Swapp, BC manager for Greater Manchester Police (GMP). The webinar heard that BC managers are not only working on helping their employer to recover; while cyber security and IT teams usually lead cyber resilience strategies, with the oversight of executives: business continuity and risk management teams also offer support in reducing financial losses, ensuring a faster response and building a crisis communications strategy.
Rachael Elliott said afterwards: “The results of the survey in this year’s report show an ever-evolving cyber security landscape, and one where the number of attacks and their ferocity has increased markedly. With the classic attack vectors, attackers are becoming increasingly more intelligent with their approaches; phishing emails no longer contain the spelling errors of yesterday and attacks have the potential to unleash damage to systems quicker than an organisation has time to react. Even if an organisation has the most advanced technology in place, attackers know that by approaching the weak link to cyber security within an organisation – the people – their attack will have more chance of success. Thankfully, we see training and exercising of staff in cyber awareness on the increase and, with the continued management attention to cyber security, we believe that organisations are in a good place to stay one step ahead of the attackers.”
You can freely download a copy of the 70-page report from the BCI website: you have to register. Visit https://www.thebci.org/.
More in the April print edition of Professional Security Magazine.
