Business resilience should be a core company strategy, so why are businesses struggling to take action?
A recent survey showed that only 51% of U.S. business decision makers say their organization is definitely as resilient as it needs to be against disruptions such as cyber threats. In addition, the survey showed that 96% of U.S. business decision makers claim business resilience should be a core company strategy.
If 96% of business decision makers realize this, why are organizations still struggling to protect themselves against cybercrime and technology-based disruption?
IT teams face major obstacles
The speed of innovation and complexity of technology have led organizations to purchase multiple tools to try and solve IT security and operational challenges. This has stressed their teams, which spend a lot of time configuring and managing these tools, and also created a fragmented collection of endpoints, any one of which could be a threat vector.
Point products and disconnected services haven’t made organizations any more resilient against disruption. Although 96% of survey respondents understood that working toward business resilience would be core to the company strategy, most organizations are still struggling to achieve it.
The study highlighted that several barriers to achieving business resilience remain, including clear challenges between internal organizational structures and access to the right skills and technology. When asked what they think are their organization’s biggest barriers to being resilient against business disruptions, about a third (33%) of respondents said they believe that hackers are more sophisticated than their IT teams, and just around one-fifth (21%) don’t have the skills needed within the company to accurately detect cyber breaches in real-time. In addition, 22% of survey respondents claimed that poor visibility of entry points are barriers to resilience.
Many organizations also don’t realize how exposed they are. Just over a third (33%) of organizations admit they could not accurately calculate the loss of revenue and productivity from a cyber attack, and just over a quarter (28%) believe they wouldn’t be able to calculate the cost of response efforts.
Everyone’s responsibility
When asked who they felt was responsible for achieving business resilience, many of the respondents were unsure where the responsibility lies. While 30% of those polled believe the CIO or Head of IT should be responsible, 32% believe every employee should be held accountable for practicing safe security practices. Only a fifth (19%) believe that either the CEO or senior leadership team are the ones fully responsible for the company’s business resilience.
In reality, it’s up to every member of the organization to help build a resilient business. Many companies require security training workshops at the beginning of employment, which is a great first start, but just that – a start. Security posture takes practice. It’s up to every member of the team to learn about security threats and how to safeguard against them to ensure the company can stay resilient.
Laying the foundation for a resilient culture
As organizations look to build a strong security culture and achieve business resilience, it’s crucial that they have the right strategy in place. This means having the right personnel, processes, and solutions to combat threats and mitigate risks. In the event of a sophisticated attack, unpatched software or an employee visiting a compromised site or clicking on a malicious link, it is essential that IT can view all endpoints across the entire network with the ability to thwart potential threats immediately.
In order to achieve business resilience for long-term growth, there must be a shift in the way we look at security, and a culture needs to be built from the top down. Business resilience shouldn’t fall on the shoulders of one group or person; it’s a team effort. Prevention and recovery can no longer be the standard approach to securing businesses – they too often leave us several steps behind attackers. Instead, organizations need to ensure that their data is accurate and actionable, and that starts with having real-time visibility and control over all computing devices. When you can achieve that, you’re on your way to building a resilient business.