More than one in three firms still do not have incident response plan ready.
Around 83% of businesses across the world are unprepared to handle future cyber attacks, according to a new security report.
Arbor Networks and Economist Intelligence Unit’s new report entitled "Cyber incident response: Are business leaders ready?" noted that even though 77% of firms experienced a cyber attack in the past two years, over one in three of firms still do not have incident response plan ready.
About 17% of businesses across the globe claim to be completely geared up for an online security incident, the report added.
The Economist Intelligence Unit senior editor James Chambers said that there is an encouraging trend towards formalising corporate incident response preparations.
"But with the source and impact of threats becoming harder to predict, executives should make sure that incident response becomes an organisational reflex rather than just a plan pulled down off the shelf," Chambers said.
However, the firms ready with a response plan generally depend on the IT department to lead the process, while most also employ external resources, including IT forensic experts, specialist legal advisers and law enforcement experts.
Arbor Networks president Matthew Moynahan said that in the wake of recent high profile targeted attacks in the retail sector, a company’s ability to quickly identify and classify an incident, and execute a response plan, is critical to not only protecting corporate assets and customer data, but the brand, reputation and bottom line of the company.
"As these findings show, when it comes to cyber-attacks, we live in a "when" not "if" world," Moynahan added.
The report also found that about 41% surveyed business leaders considered a better understanding of threats would assist in being better prepared for attacks, while having an official plan or team ready would have a major effect on the feeling of awareness among executives.
In a bid to save their market value, only a third of firms share information regarding incidents with others to broaden best practises and swap over information, while 57% do not willingly report security breach incidents.