BAE Systems: Just 7% Concerned Hack Would Cause Revenue Loss

Survey suggests complacency about financial risk

By CBR Staff Writer

BAE Systems says just seven percent of respondents to a recent survey cited protection against revenue loss as a key reason to establish a cybersecurity incident response plan.

That’s despite recent attacks that have caused devastation to IT infrastructure: shipping giant Maersk spent nearly £230 million following the NotPetya attack in 2017, when it had to rip out and replace 4,000 servers, 45,000 PCs and over 2,500 software applications.

The survey also found that over 20 percent of organisations have absolutely no permanent cyber security incident response or resources in place. This is despite over 60 percent of organisations suffering between one and 25 attacks a month.

How frequently do you rely on third-party support to investigate or respond to security incidents? Image Source: BAE

BAE Systems Survey: Are Boards Taking Risks Seriously Enough?

Farnborough-based security and defense giant BAE Systems also found that 26 percent of the company executives it surveyed reported having to deal with 25 to 99 incidents every month.

The financial repercussions of a cyber incident are of course tied to the type of incident and the organisation affected, but these costs can come from a myriad of sources such as compliance costs, reputational repair and, as Maersk and others saw, infrastructure replacement.

Employee Cyber Security Incident Response Training

BAE Systems found that most security incidents are phishing-based: just over 70 percent of reported attacks are related to credential phishing.

“The high rate of phishing, viruses, and malware attacks suggests that organisations aren’t helping employees become more aware of the threats, which could be alleviated by a stronger training regimen and periodic testing of employees’ ability to identify suspicious emails, bogus websites and links.”

The paper points out that even the best tools and automated cybersecurity software are ‘rendered meaningless’ if employees' cyber security awareness levels are so low that they inadvertently cause the company to suffer continued attacks through poor practice.

Nearly half of the executives surveyed by BAE said that they rely on third-party vendors to help them build cyber security countermeasures or investigate their internal systems.

BAE notes that working with companies offering outside expertise “can create policy and procedural guidelines to help meet regulatory requirements. In addition, playbooks can be developed to address specific types of incidents such as phishing and breach of privacy. These playbooks aid the incident response team in resolving incidents quickly and in a controlled, well-documented and well-informed manner.”
