Cyber Resilience: Report Shows Rise in Proactive Measures Amid Increasing Ransomware Attacks

The Business Continuity Institute (BCI), a global network of business continuity and resilience professionals, just released its BCI Cyber Resilience Report 2023. The report digs into the disruptive effects of cyberattacks on organizations, the cyber resilience actions these organizations are taking, and the role of senior executives in developing cyber resilience strategies.

The bad news is that 74 percent of respondents saw an increase in cyberattacks over the previous 12 months. The (somewhat) good news is that the impact of those attacks was “small to medium.”

BCI says that these reduced impacts result from respondents adopting a proactive approach to cyber resilience. That’s also reflected in the survey results, with more organizations now reporting an increase in the use of technical measures and organizational policies that reduce the impacts of cyber incidents.

Here are some of the other key results of the survey:

Social Engineering Drives Ransomware Attacks

The report found that employees falling for social engineering techniques were the cause of most attacks, with nearly three-quarters of respondents saying their organization suffered a cyber incident due to phishing or spear phishing. The primary causes? Employees opening malicious links, opening infected downloads, or visiting malicious sites. Ransomware continues to be the most frequent and disruptive threat.

And the result? Financial losses resulting from cyber incidents were upwards of €10,000 for more than 40 percent of respondents. And nearly one in three respondents said their organization had suffered more than five cyber incidents in the previous 12 months.

Cybersecurity, IT, and Executive Teams: Leading Cyber Resilience Strategies

Clearly, the need for proactive cyber resilience strategies is sinking in, as 65 percent of respondents reported that high levels of top management were committed to cyber resilience. And nearly 87 percent have business continuity arrangements to deal with cyber incidents, while 66 percent execute regular backups to ensure cyber resilience.

The report points out that data silos that separate business continuity and cybersecurity remain an “omnipresent issue,” highlighting the need for more integration between technical teams. Notably, there was nearly unanimous respondent agreement that these closer relationships need to be created through solid leadership in cyber strategy by top management.

Culture Makes All the Difference

A cyber-aware organizational culture is a foundation for building cyber resilience. Respondents said that employee training, validation and testing, and having internal policies in place are critical. And they are dedicating efforts and resources to make cyber awareness an essential aspect of the organization’s culture. The survey found a significant increase in training and exercises over the prior year.

Many organizations have dedicated teams or structures to comply with regulations and align with industry standards relating to cybersecurity and business continuity.

Validate Your Defenses

BCI says that validation is vital to cyber resilience, with the data showing that most organizations conduct cyber exercises and penetration tests incorporating learnings from prior incidents and simulations. Outsourcing these services is increasingly popular.

Business Continuity and Cyber Resilience

One of the survey’s findings is that business continuity efforts support cyber resilience. The primary reasons given for that support include faster recovery (81 percent of respondents), mitigation of financial losses (51 percent), and the availability of expert resources to deal with incidents at 50 percent. BCI concludes that this metric suggests that the business continuity profession has adjusted to evolving challenges by taking a more dynamic approach.

Immutable Backups and Cyber Resilience

The survey also found that respondents used several tools to ensure cyber resilience. These include regular backups of critical data (66 percent), regular updates of software and applications (64 percent), endpoint protections like next-gen firewalls or endpoint detection and response (EDR) (56 percent), and disaster recovery programs (53 percent).

This is where the report makes what we think is its most critical point: “Backups are a useful technique to defend against malware, but vulnerabilities remain. The backup itself could also have become compromised by malware, which leaves the organization without lines of defense.” BCI adds, "an increasing number of cyber security and IT teams are shifting to immutable backups to help mitigate the threat.”

Make Data Resilience and Cyber Resilience Your Priority

The BCI survey shows that organizations are making progress as they work toward becoming more resilient. But implementing an effective data resilience and cyber resilience strategy is complex and can be overwhelming for internal teams.

By working with an Arcserve technology partner, you gain access to the expertise and experience necessary to navigate your options and put solutions in place that solidify your ability to prevent cyberattacks and recover quickly if you become a victim.

Find an expert Arcserve technology partner here. Check out our demos to learn more about Arcserve's immutable storage solutions.