One in 10 businesses doesn’t have an incident response plan
- New Barracuda report explores why just 43% of organizations surveyed have confidence in their ability to address cyber risk, vulnerabilities, and attacks
- Around half find it hard to implement consistent, company-wide security policies
- A third worry about securing the supply chain
- The report features a cyber-resilience checklist template based on the NIST 2.0 framework
Barracuda Networks, Inc., a trusted partner and leading provider of cloud-first security solutions, has today published the CIO report: Leading your business through cyber risk, which explores the top governance challenges facing companies trying to manage cyber risk and boost their cyber resilience. The report offers practical tools such as a checklist template, created with Barracuda’s own IT and security leadership, to help companies navigate their way to resilience.
Leveraging data from the international Cybernomics 101 study, the report assesses how challenges relating to security policies, management support, third-party access, and supply chains can undermine a company’s ability to withstand and respond to cyberattacks.
Among other things, the findings show that many organizations find it hard to implement company-wide security policies such as authentication measures and access controls. Half (49%) of the smaller to mid-sized companies surveyed listed this as one of their top two governance challenges. Further, just over a third (35%) of the smaller companies worry that senior management doesn’t see cyberattacks as a significant risk, while the larger companies are most likely to struggle with a lack of budget (38%) and skilled professionals (35%).
Many organizations have concerns about a lack of security and control over the supply chain and visibility into third parties with access to sensitive or confidential data. Around one in 10 doesn’t have an incident response plan to turn to in the event of a successful breach.
“For many businesses today, a security incident of some kind is almost inevitable,” said Siroui Mushegian, CIO of Barracuda Networks. “What matters is how you prepare for, withstand, respond to, and recover from the incident. This is cyber resilience. Advanced, defense-in-depth security solutions will take you most of the way there, but success also depends on security governance — the policies and programs, leadership, and more that enable you to manage risk. When NIST updated its benchmark cybersecurity framework earlier this year, it added security governance as a strategic priority.”
The report offers practical templates to help organizations manage cyber risk and map where they are in their journey toward cyber resilience. The cyber resilience checklist draws on the latest iteration of the U.S. National Institute of Standards and Technologies (NIST) Cybersecurity Framework and can be freely downloaded and printed from the Barracuda website.
Resources:
Get a copy of the report: https://www.barracuda.com/reports/cyber-resilience-report
Get a standalone copy of the cyber resilience check list: https://www.barracuda.com/reports/cyber-resilience-report
Check out the blog post: http://cuda.co/blg042424a
Methodology for the Cybernomics 101 research
The research data comes from the Cybernomics poll of 1,917 IT security practitioners from companies with 100 to 5,000 employees across various industries in the United States (522), the United Kingdom (372), France (329), Germany (425), and Australia (269) in September 2023. The final sample of respondents represented enterprises with between 100 and 5,000 employees. All respondents are involved in the management of their organization’s IT security functions or activities.