We carry out fire drills on a regular basis and make everyone leave the building, so why don’t businesses take cyber incident practice seriously?
Only 2% of organizations have run incident response scenarios related to the pandemic response.
According to research by Immersive Labs of 402 organizations, nearly 40% are not fully confident in their teams’ training to handle a data breach if one occurred, and 65% of exercises consist of reviewing PowerPoint slides.
In an email to Infosecurity, Heath Renfrow, director and vCISO at the Crypsis Group, said incident response is one of the pillars of a sound information security program, and it needs to be taken more seriously—not only among the organization’s information security team, but all the way to the CEO and board of directors.
“It is evident from the incident response cases we assist with daily that incident response is frequently viewed strictly as information security/IT’s responsibility, rather than from an overall business perspective,” he said. “This is unfortunate, because many across the business—from leadership to legal, communications and HR staff—have a potential role to play and can help influence better outcomes and the right cultural mindset to be better prepared for an incident.”