Intelligent CISO Issue 09 | Page 21

cyber trends brand equity – not to mention productivity,” added Damato. “Business resilience is the practice to ensure that the technology running the business can adapt to disruption. To deliver resilience, governments and enterprise organisations require a new approach that moves beyond a simple focus on prevention and recovery.” “Organisations need to ensure that data is accurate and actionable and that starts with having real time visibility and control over all computing devices. Without uniting teams and reducing the fragmentation, teams will continue to invest in new point solutions and ultimately struggle to make the business resilient,” concluded Damato. The UK in focus The study revealed that 99% of UK business leaders believe that making technology resilient to business disruptions such as cyberthreats should be core to their firms’ wider business strategy – although again, the reality is different. confusion internally on where the responsibility for resilience lies. Almost a third (30%) believe it should be the responsibility of the CIO or head of IT, while 23% say every employee should be responsible and 13% state responsibility lies with the CEO alone. This disparity is dramatic across countries, with a third of business decision makers in the US claiming it’s not just one person’s responsibility but everybody’s responsibility to ensure business resilience. calculate the impact of a cyberbreach on indirect cost from lost revenue and productivity, and 28% admit they wouldn’t know if they would be able to calculate the financial cost incurred for response efforts. Impact of a lack of resilience “Businesses are becoming entirely dependent upon their technology platforms. But if that technology stops running, the business will too – with potentially disastrous consequences for sales, customer confidence and A lack of business resilience can also severely impact a firm’s bottom line. A third (33%) of organisations say they could not or don’t know if they could www.intelligentciso.com | Issue 09 In addition, 29% of organisations state they would not know if they would be able to calculate the impact of the loss or exposure of protected data, particularly concerning in the year that GDPR has come into force. Only half (54%) claim their organisation is definitely as resilient as it needs to be with a fifth (20%) admitting they would not be able to calculate indirect costs from lost revenue and productivity following a cyberattack. Matt Ellard, Managing Director of EMEA at Tanium, added: “The speed of digital transformation has led organisations to purchase multiple tools to solve IT security and operations challenges, which is leaving IT infrastructures vulnerable to threats. “Organisations need to build a strategy for business resilience and that starts with ensuring they have real-time visibility of where threats exist across their network, most crucially at the endpoints. If you can’t pinpoint current vulnerabilities or the origin of a threat, how can you expect to defend against them?” u 21