Organizations unable to achieve business resilience against cyber threats

The Resilience Gap study, which surveyed over 4,000 business decision makers across the United States, United Kingdom, France, Germany and Japan found that while 96% of the global business decision makers believe that making technology resilient to business disruptions should be core to their firm’s wider business strategy, the reality is very different. In fact, only 54% of respondents claim that it definitely is.

Barriers to achieving business resilience

Despite 96% of respondents claiming that business resilience is important to their organization, several barriers to achieving business resilience remain, with clear challenges between internal organizational structures and access to the right skills and technology.

Over a third (34%) blame their organization’s growing complexity, while, one fifth (20%) blame siloed business units. Looking to their team and tools, a third (33%) say the issue lies with the hackers being more sophisticated than IT teams, 21% claim that they don’t have the skills needed within the company to accurately detect cyber breaches in real-time and almost a quarter (24%) claim that poor visibility of entry points is the biggest barrier to business resilience.

“In 2018 alone, companies will spend over one trillion dollars making their enterprises even more digital – launching more applications, expanding IT services, and creating new connections with their partners and customers,” said David Damato, CSO at Tanium. “While this may seem positive, the speed and complexity of technology has led organizations to purchase multiple tools to solve for IT security and operations challenges. In turn, this has created a fragmented collection of endpoint management and security solutions which is leaving the enterprise environment brittle, vulnerable and lacking the business resilience needed to adequately mitigate threats. We believe that business resilience is fundamental to any strategy for long-term growth, yet the findings suggest that many businesses still have a long way to go to achieve resilience.”

Responsibility for business resilience

One of the main reasons why organizations are unable to achieve business resilience against disruptions such as cyber threats is due to growing confusion internally on where the responsibility for resilience lies.

Almost a third (30%) believe it should be the responsibility of the CIO or Head of IT, whilst 23% say every employee should be responsible, and 13% state responsibility lies with the CEO alone. This disparity is dramatic across countries, with a third of business decision makers in the US claiming it’s not just one person’s responsibility but everybody’s responsibility to ensure business resilience.

Impact of a lack of resilience

A lack of business resilience can also severely impact a firm’s bottom line. A third (33%) of organizations say they could not or don’t know if they could calculate the impact of a cyber breach on indirect cost from lost revenue and productivity, and 28% admit they wouldn’t know if they would be able to calculate the financial cost incurred for response efforts.

In addition, 29% of organizations state they would not know if they would be able to calculate the impact of the loss or exposure of protected data, particularly concerning in the year that GDPR has come into force.

“Businesses are becoming entirely dependent upon their technology platforms. But if that technology stops running, the business will, too – with potentially disastrous consequences for sales, customer confidence, and brand equity – not to mention productivity,” added Damato.

“Business resilience is the practice to ensure that the technology running the business can adapt to disruption. To deliver resilience, governments and enterprise organizations require a new approach that moves beyond a simple focus on prevention and recovery. Organizations need to ensure that data is accurate and actionable and that starts with having real time visibility and control over all computing devices. Without uniting teams and reducing the fragmentation, teams will continue to invest in new point solutions and ultimately struggle to make the business resilient,” concluded Damato.