by Dan Muse
Data is the currency of today’s businesses. IT and company executives – from the CEO down – have a lot to think about these days as they try to protect that asset.
Many U.S. states and territories have been hammered by natural disasters, reminding businesses that disaster preparation is no luxury. However, cyber threats are never far from mind as data breaches abound – the Equifax and Verizon breaches are just two recent examples of high-profile cyberattacks.
Taking cyber threats personally
Both natural disasters and premeditated cyberattacks can cripple a company, but executives and IT pros apparently view the two potential disasters differently. Despite devastating hurricanes and tropical storms in Houston, Florida, Puerto Rico and other locations, respondents to a recent survey of 375 business leaders, including IT and security professionals, are decidedly more concerned with cyber threats than the next natural disaster.
A whopping 74 percent of respondents say they consider a data breach, hack or cyberattack a greater disaster risk to business than a natural disaster (e.g., hurricane, tornado and so on). However, more have experienced a natural disaster (23 percent versus 19 percent).
You can’t blame executives for being gun-shy about data breaches as you don’t often read about C-level executives losing their jobs over the havoc wreaked by natural disasters. Equifax’s CEO, CSO and CIO all “retired” after a data breach impacted over 140 million customers and Target's CEO stepped down in 2014 following a massive data breach.
In fact, when asked to rate concerns on a scale of 1-13, with 1 being the riskiest, 34 percent listed cyberattacks as their top concern (and 55 percent listed it as one of their top three concerns). Coming in at a distant second place as the top priority was a utility outage, with 13 percent. However, 47 percent listed it among their top three concerns.
Preparing for cyberattacks
Given those answers, it’s not surprising that utility outages and cyberattacks are the two areas respondents said they are most fully prepared to withstand without disruption. That is, they are confident they would suffer no downtime, service or systems unavailability.
Respondents are applying many defenses, but no one approach was dominant.
Asked “What has your organization done to better prepare for potential cyber security disasters (e.g., a data breach, cyberattack, ransomware)?” respondents were not overwhelmingly consistent in where they had focused their defenses.
Some 14 percent had “implemented new or improved cyber security protections,” 13 percent had “educated employees on cyber security best practices,” 12 percent “reevaluated and/or updated disaster recovery and incident response plans,” and 11 percent “performed penetration tests” and “conducted trainings with employees on what to do in the event of an emergency.”
How natural disaster recovery plans are changing
While cyber threats may be more likely to keep IT and business leaders awake at night, some companies are preparing for the next natural disaster. While a large majority (78 percent) of respondents said they were confident their organization had an effective plan in place to recover from natural disasters prior to the 2017 hurricane season, 31 percent of respondents are now reconsidering their existing plans and 26 percent will likely implement a new plan. But 40 percent say they have no plans to change how they plan for disaster recovery.
What a disaster costs
You don’t have to be hit by a major natural disaster and or be in the headlines for a data breach to feel the financial impact. In fact, 12 percent of the 375 respondents say they have spent more than $1 million over the past five years and more than 21 percent have spent more than $500,000 on disaster recovery.
That cost may not seem staggering if you are a Fortune 500 company, but of the 375 respondents, 65 percent have fewer than 1,000 employees and 43 percent have fewer than 500 employees – and for those companies $1 million dollars is a significant cost.
Are you ready?
With both natural and man-made threats on the horizon, businesses must be prepared to handle any threat that comes their way. However, respondents didn’t demonstrate confidence in their preparedness.
Asked to rank their level of confidence in their ability to overcome any kind of disaster (with 1 being most confident), responses were reserved. Only 10 percent ranked their confidence as 1, 2 or 3. A third of respondents listed their confidence as an 8, 9 or 10, the bottom of the scale.
Where do you fall?
Dan Muse is a technology journalist and content consultant. He’s the former editor in chief of CIO.com. He has covered technology for three decades and held senior editorial positions with Ziff Davis, Jupitermedia, Disney Publishing, McGraw-Hill and Advance Digital.