Thu, Sep 21, 2023
Over-confidence can be costly, and that is especially true in the cybersecurity space. The current landscape of cybersecurity risk, and new rules from the U.S. Securities and Exchange Commission (SEC) on reporting have created an environment where companies need to be sure to test their response capabilities – and not risk letting them stagnate.
Over-confidence was identified as a major risk factor in organizations’ approach to cybersecurity in Kroll’s The State of Cyber Defense 2023 report. Responses from 1,000 senior security decision-makers globally show that confidence in employees to stop a cyberattack is ranked higher (66%) than trust in the accuracy of data alerts (59%) and the effectiveness of cybersecurity tools and technologies (56%).
Added to this, the 2022 Kroll report, Cyber Risk and CFOs: Over-Confidence is Costly, highlights a sharp disconnect between CFOs’ high levels of confidence in their organizations’ cybersecurity abilities and the significant level of damage inflicted by cyber incidents. The report revealed that, while 87% of CFOs surveyed were overwhelmingly confident in their company’s ability to detect and respond to cyber incidents, most of the surveyed executives (61%) said that their businesses had suffered at least three significant cyber incidents in the past 18 months. This type of organizational cognitive dissonance can have significant consequences for businesses.
[Figure: Most Trusted Methods by IT and Security Decision-makers]
An excess of confidence in cybersecurity measures is not only a failure of organizational culture but a threat to business-as-usual. The risks are even greater due to the new SEC rule that marks a significant shift in how cyber breaches must be disclosed. Publicly traded companies will be required to publicize details of a cyberattack within four days of determining it is significant enough to have a material impact on the organization. It is vital that directors and boards do not simply focus on the short reporting period, but on what they need to do to prepare to meet the new requirements.
The assessment of ‘material’ is the key in this context. It implies that organizations can quickly, accurately and reliably assess the materiality of a cyber-incident in the moment. Yet that’s not necessarily easy. In the critical early hours of an incident there may be limited information on which organizations can base a materiality assessment, which can make the decision on reporting problematic. The short time-frame for required reporting means that businesses don’t have a lot of time to figure out what they’re going to do in response to a potential or actual incident. Without the relevant pre-authorized resources to support them, they may very quickly find themselves in trouble.
There are a number of steps companies can take to address the potential pitfalls of over-confidence while developing an effective response to the new SEC breach reporting rules. These include:
At a time of evolving threats and complex security demands, the change to the SEC reporting rule puts more pressure on already squeezed company boards. However, it also presents a valuable opportunity for organizations to reset their approach, away from over-reliance on well-worn, familiar ways of working.
By embracing the new rule as an opportunity to update their cyber strategy and collaborate with proven security partners, boards can better mitigate the threat of organizational over-confidence.
To learn more, download The State of Cyber Defense 2023: The False-Positive of Trust.