Most members of Resilience First say cyber-attacks are among their greatest concerns.
A particular worry for many is how to evaluate their organisation’s resilience to fast-evolving cyber threats.
So we have teamed up with the Cyber Rescue Alliance to provide objective insights about the cyber vulnerabilities at our members.
In the latest newsletter for Resilience First members only – released on 10 September - we show a graph that summarises the cyber security posture of more than 200 of our members.
At the time of writing, the member with the worst cyber posture is a technology firm.
The organisation that has improved the most over the last 30 days is a retailer.
The bottom 10% of the members analysed this month are five times more likely to suffer a breach than the top 100.
The value of the graph is that it allows:
- An organisation to rank itself against others on cyber security
- An organisation’s key suppliers can be ranked against one other.
The SecurityScorecard is used platform to review thousands of indicators of cyber security at each company. Companies with a low score tend to operate out-of-date systems and unpatched software, often with weak encryption.
Those companies with the lowest scores are often distributing malware from their servers or are being actively discussed by hackers in the dark web.
When considering cyber resilience, it is also vital to reflect on how the wider environment is changing. For example, is the rate of data breaches increasing, and what factors are behind such breaches?
- Data breach reports are increasing: they are up by 63% in Australia in three months.
- Breach reports quadrupled in the UK and quintupled in Ireland after GDPR came into force, with over-reporting a new concern for regulators.
- These breach reports provide good threat intelligence - half of breaches in the financial sector are now caused by Phishing.
- The worldwide average cost of the typical data breach has risen 6.4% according to the annual Ponemon Survey, and now stands at $3.86 million, with wide variation by country and sector. Interestingly, the typical enterprise is estimated to have a 28% chance of suffering ‘a material breach’ in the next 24 months.
- Data breaches caused by suppliers are up 200%, as highlighted by UK’s NCSC on 19 July.
To discuss this report, please contact Kevin.Duffey@CyberRescue.co.uk or +44 (0)7920 766530.