Cyber Preparedness Initiatives Inadequately Equipping Workers for Emergencies
In a recent survey conducted by Osterman Research, it has been revealed that over half of cybersecurity leaders believe their workforce is not prepared for a cyberattack. The survey, which polled 570 senior-level security and risk leaders in the U.S., U.K., and Germany at companies with at least 1,000 employees, was sponsored by Immersive Labs.
The report highlights a disconnect between leaders' confidence in their team's preparedness and the actual cyber resilience of their organisations. Max Vetter, VP of cyber at Immersive Labs, stated that traditional training measures focus on attendance rather than real capabilities.
One of the key findings of the report is the infrequent offering of training by companies. However, the survey did not provide information about the frequency of training offered by the surveyed companies.
The report also suggests that companies need to get their boards of directors more involved to drive accountability. In many cases, the oversight by boards of directors isn't quite there, according to the report. The report does not mention any specific industry certifications that are being questioned.
Government regulators and insurance companies are examining a range of practices, including cyber awareness training, cyber hygiene, incident response, and board oversight over data security practices. Insurance companies are calibrating insurance premiums based on how well companies manage their security programs.
The report also reveals that in two-thirds of organisations, there is a fear that 95% of employees will not understand how to recover following a cyberattack. Priority tasks in the event of a cyberattack might include operating without core IT systems and switching to manual processes to complete important tasks.
The report comes at a time when companies are being held accountable for how they manage customer data and key governance issues by government regulators and insurance companies. It emphasises the need for companies to rethink their cyber governance and resilience capabilities.
However, the report does not indicate whether insurance companies are adjusting underwriting criteria beyond security program management. The search results do not provide the names of the companies where the surveyed senior-level security and risk management employees work.
Read also:
- Strategies for Poland, Ukraine, and NATO to counteract Russian unmanned aerial vehicles (UAVs)
- Top 15 Pivotal Risks to Mobile Application's Security
- UK manufacturing halt extended to three weeks due to cyber attack at JLR factory
- Revising the title: Redefining "Bring Your Own Device" Policies for a Secure and Flexible Workspace in the Hybrid Work Environment
