A third of mid-sized organizations don't have a cyber-incident response plan
The rise of ransomware and other attacks has pushed cybersecurity up the agenda of businesses, yet according to a new study 36 percent of mid-sized organizations don't have a formal incident response plan in place.
The report from Egnyte, based on a survey of 400 US executives conducted by Wakefield Research, also shows that the rise in cyberattacks has prompted organizations to increase focus on user access to critical data repositories.
A majority of companies track geographical access (61 percent) and flag unusual user folder (57 percent) and/or time of day access (53 percent) as a means to detect unusual access to their data repositories.
Backups are of course crucial to recovering from attacks, but only 58 percent of respondents' organizations test data backup and recovery processes for critical data on a daily basis.
Cybersecurity awareness training is being delivered more frequently though, with 63 percent of respondents' organizations conducting cybersecurity awareness training at least once a quarter.
"Traditionally, mid-sized organizations have lacked the proper cybersecurity resources, so it is important that they understand the value in staying one step ahead of rapidly-evolving threats like ransomware," says Kris Lahiri, co-Founder and chief security officer at Egnyte. "The findings of this study reinforce that all businesses can bolster their cybersecurity defenses by leveraging holistic data governance tools, including data backup processes, training for end-users, and solutions to identify suspicious activity."
Given all of this it's not really a surprise that cyber insurance premiums are increasing. 47 percent of respondents' organizations have experienced premium increases of 76 percent or more in the past year.
The full report including tips for businesses to improve their protection is available on the Egnyte site.