A KPMG study has found that 49% of CEOs believe a successful cyber attack against their organisation is inevitable.
This shouldn’t come as a surprise: the volume of attacks has soared in the past few years and there are simply too many risks to keep track of. As such, cyber security experts have repeatedly warned organisations that data breaches are a matter of ‘when, not if’.
How do Asia-Pacific organisations fare?
KPMG concluded that awareness of cyber security threats has improved significantly in the Asia-Pacific region (APAC) over the past year. However, the number of CEOs who accept the inevitability of breaches is still below the global average in three of the four surveyed APAC countries:
- Japan (46%)
- India (34%)
- China (32%)
The other surveyed APAC country, Australia, bucks the trend (62%). This makes it the second-highest ranked country globally, trailing only the US (68%).
How to handle cyber threats
If a data breach is going to happen, no matter what defences you have in place, then what should you do?
First, you need to realise that even if cyber defences are never 100% impenetrable, they can still repel most attacks. ISO 27001, the international standard for information security, provides a best-practice framework for protecting your organisation, and adopting its requirements will ensure that you are as prepared as possible for whatever threats come your way.
Second, you need to prepare for the inevitable. The breach itself is only one part of the equation; there’s a lot you can do to mitigate the damage after the fact. This includes steps such as isolating the affected parts of your system or network, executing a process that allows you to maintain business operations, and contacting regulators.
These are all things that a BCMS (business continuity management system) can help you with. For guidance on how to create an effective system, take a look at ISO 22301. It’s the international standard for business continuity, and provides a framework for organisations looking to improve their data breach response capabilities.
How prepared are you?
Implementing ISO 22301 might not be as hard as you think. In fact, some of your existing measures may well meet the Standard’s requirements.
You can find out how close you are to the Standard’s requirements with our ISO 22301 gap analysis service. One of our business continuity experts will review your organisation’s practices and give you a detailed breakdown of how prepared your organisation is for a cyber attack, and how you measure up against the Standard’s requirements.
You’ll receive expert advice on how to implement a BCMS (business continuity management system), and be given an informed assessment of the:
- Proposed scope of your BCMS;
- Internal resource requirements for successfully deploying a BCMS project; and
- Potential time frame to achieve certification readiness.