Companies continue to face the threat of cyber attacks by various actors, including sovereign states, organized crime and terrorist groups. In the key growth-target regions of India and Africa, 72% and 58% of respondents respectively, considered cyber attacks to pose a high risk to companies similar to their own. Overall, almost half of those interviewed shared this view.
Given the broad-based recognition of the problem, it is therefore unsurprising that 59% of our respondents believed that their company should have a Cyber Breach Response Program (CBRP) in place.
Respondents to EY survey indicated, however, that awareness of such programs differs starkly between senior executives and more junior employees. While over half of all board directors and senior managers feel that their company has a CBRP in place, only 1 in 3 of other employees believed that their company had such a program.
If employees do not know how to escalate their concerns, issues that appear minor or localized may be left unreported. This may prevent the company from taking appropriate action to assess, investigate and respond in the event of a potential incident, impacting a company’s ability to reduce the extent of the damage incurred.