Are firms failing to learn from cyber mistakes?

Brokers looking to help their corporate clients reduce the risk of a cyberattack may want to focus on the importance of hindsight after a recent study showed many business leaders feel they could be better at learning from past mistakes.

The study, conducted by The Economist’s Intelligence Unit and Willis Towers Watson, collated responses from over 450 senior executives and board members from around the world and found that many weren’t confident about their ability to adapt following an incident.

When asked to rate themselves on “incorporating learnings from incidents into new defensive strategies”, a quarter admitted to being below average.

Worryingly, the study also found that a third of companies had experienced a serious cyber incident in the last 12 months, with most respondents placing high odds on experiencing another one in the next 12 months.

One industry expert also said that organisations don’t necessarily have to wait for an internal incident before they look for a lesson – instead, they should be reacting to every case they come across.

“You don’t have to restrict yourself to failure in your organisation,” said Ellen Rinaldi, CISO of Vanguard Investments. “Intrusions are reported in the Press every day. When you see one, you ask, ‘could this have happened here? What would have caused it to happen here? What can we put in place so it won’t happen here?’”

Two other areas in which executives reported a deficit were the ability of their organisations to identify and fill gaps in cyber-talent along with the capacity to develop a cyber-savvy workforce.