“Dynamic” and “fluid” are the operative words to describe the current cyber risk landscape, according to a new survey released on January 21 from FTI Consulting. To combat this challenging environment, the global business advisory firm recommends continually assessing your firm’s cyber-resilience methodology.
Respondents to FTI’s annual FTI Consulting Resilience Barometer 2020 survey were C-suite executives and senior managers from privately-owned companies and publicly-listed entities across all G-20 countries.
A ‘top concern’
Not surprisingly, the survey reveals that cybersecurity remains a “top concern” for most organizations. More surprising is the finding that, despite cyber-attacks being identified as having the most negative impact on revenue, fewer than half of all execs are managing them proactively, and 10 percent believe they have no cybersecurity gaps at all.
Companies said their largest gaps were in:
- Employee awareness, security culture and training
- IT patching and technology stress testing
- Threat monitoring and detection
- Third-party vendors
- Available qualified in-house cybersecurity experts
Currently, social engineering, including phishing, is the most common route for cyber-attacks.
Room for improvement
FTI notes that firms should move to create a “culture of security.” The consultant sees firms with stagnant cyber policies and procedures (P&Ps), which leave them vulnerable to attack. A key tip: continually assess and modify your cyber resilience methodology to keep pace.
You can’t control the timing, but you can get ahead of cyber threats by preparing your defense, said Joshua Burch, FTI’s senior managing director and head of cybersecurity for the Europe, Middle East and Africa region. Developing a plan involving your people, processes and technologies for when that moment arrives is key to achieving cyber resilience, he added.
Risk mitigation strategy
Much like OCIE offered cyber best practices for firms to consider in a new report, so too has FTI. The company states that resilience requires a complete cyber-risk mitigation strategy, which includes:
- Understanding your firm’s unique cyber risk profile
- Maintaining firm-wide cybersecurity awareness
- Identifying critical assets
- Developing and testing a business continuity and incident response plan
This article was originally published in sister title Regulatory Compliance Watch