BCI’s Cyber Resilience Report Insights
The Business Continuity Insitute (BCI) released its cyber resilience report yesterday. Below is a high level of BCI’s Cyber Resilience Report insights. Hopefully, you downloaded your copy, but if not, I found the following elements interesting. As usual, the BCI partners with a vendor, Daisy Group, a provider of B2B telecommunications to businesses.
This year’s report acknowledges the rise of cybercrime and its impact on business risk. Additionally, it inherently recognizes the shift of organizational IT teams towards a focus on resilience rather than Disaster Recovery. Further, it reinforces strategic, proactive approaches to cybersecurity. In today’s climate, it is safe to say that all of us are endeavoring to lessen the risks and consequences of cyber events. The BCI’s report is one tool to benchmark gain global awareness translatable into individual, organizational approaches.
Spotlight on siloed approaches & cost
Early in the report, one of the BCI’s cyber resilience report insights is that most cyber and business continuity units operate separately. This is called an impediment to effectively thwarting cyber attacks. I can’t entirely agree that the entities must be housed in the same organizational structure. However, they need alignment, especially in the crisis management response.
Furthermore, although event occurrences are rising, the impact remains relatively low. Ransomware, that malicious software used to extort payment from companies in exchange for stolen or blocked data, remains most impactful to businesses. The most significant takeaway of the BCI’s Cyber Resilience Report insights is maintaining a company-wide culture. Then, calibration is needed across critical business units and continued investment in best practices and exercise hygiene.
The state of cyber security resilience 2023
First off, there’s plenty of data in the report. The forward from the BCI’s chief Thought Leader, Rachael Elliott, acknowledges Check Point Research which states a 38% increase in the average number of attacks weekly in 2022. It’s a significant jump that justifies the unease of business leadership and IT departments. Most companies cannot conduct business transactions without technological tools in our hyperconnected world. Understandably, this is where ongoing partnerships between risk management, IT cybersecurity, and business continuity best support resilience.
Overall, the reasons for the increase in cybercrime are varied. One of the areas of concern is the rise of a hybrid workforce post-Covid. In my Remote Work series, I talked about the information security risks posed by increased number of employees working at home. However, a total return to the office for the workforce is unlikely for multiple reasons. Fortunately, as the report points out, executives oversee cyber teams to guide their approach based on business needs. The greatest threats are a relaxation of vigilance, loss of top-down support, and employees succumbing to attacks like phishing.
Cyber events happen
By now, your company is aware-from the CEO to the lowest level employee, that cyber events will happen. Cyber disruptions are one of many crisis events we respond to on an increased basis. If you read The C-Suite’s 2023 Outlook On Crisis Preparedness or the Disaster Forecast For 2023, cyber events are anticipated to be a significant threat.
The BCI’s report indicates that the financial impact of cyber events remains relatively low to medium overall. However, concerns about a major-level event are justifiable. Exposure risks align with the rise in cyber insurance premium rates. A worst-case example is the 2022 Colonial Pipeline ransomware attack. So, all of the worries are understandable, as is the focus on prevention rather than simply addressing events when they happen.
What I expect in a cyber resilience report
As I reviewed the BCI’s Cyber Resilience Report insights, I considered what I expected it to contain:
- Current cyber threats and trends: The report may analyze the latest cyber threats and trends, including types of attacks, targets, and vulnerabilities.
- Cybersecurity preparedness: It should assess organizations’ cybersecurity preparedness level and ability to detect and respond to cyber incidents.
- Cybersecurity incidents: A good analysis provides information on the cybersecurity incidents that occurred during the reporting period and their impact on organizations.
- Cybersecurity risks: Data on an organization’s cybersecurity risks and their potential impact on business operations are expected.
- Regulatory compliance: A comprehensive report evaluates organizations’ compliance with relevant cybersecurity regulations and standards.
- Best practices and recommendations: It may also suggest how organizations can improve their cyber resilience and protect against cyber threats.
Overall, a cyber resilience report helps organizations understand their cybersecurity posture, identify potential areas of weakness, and take proactive measures to improve their cybersecurity preparedness. The BCI’s report did address all of these elements and provided valuable insights into what organizations worldwide are currently facing.
Evolving cyber threat landscape & resilience
Of course, I only cherrypicked items that stood out to me as the most relevant from the report. I urge you to review it for its data points or catch a webinar. The BCI strives to provide valuable and relevant information to a global audience. It’s not an easy task, and I thank them for it. To me, it is one of the benefits of membership.
Let me know if you agree with the focus areas or believe I missed any salient points. As always, I appreciate dialogue with my readers and look forward to reading your opinions. Please leave your thoughts in the comment section below. Let’s start a conversation on if you think the BCI got it right in their report or if other aspects of cyber resilience need the spotlight.
Did you know?
Disaster Empire blogs contain embedded links to source materials, articles of interest, videos, books, and training I recommend. Just click on the blue embedded link to access the resource.