The new cyber risk landscape

Confidence in the face of increasing risk

According to the Mazars C-suite barometer 2021, based on responses from over 1,000 C-suite executives from 39 countries, most businesses are confident in their ability to manage cyber risks: over two thirds (68%) feel their data is ‘completely’ protected and a further 29% say their data is ‘partially’ protected.

In the UK, businesses are especially confident in their level of data protection. Four in five, 80%, feel that their data maturity is higher than their competitors’. The same percentage say their data is fully protected – 12 points higher than the global average. At the same time, 72% of UK C-suites feel that cyber security risks have increased over the past year. This is 17 points higher than the global average.

A new cyber risk landscape

This confidence is encouraging, especially as these leaders also acknowledge the cyber security risks to their businesses have increased, and just over a third consider a significant data breach in the coming year likely.

Our C-suite research was conducted in late 2021, prior to the shocking invasion of Ukraine by Russian forces. We have seen devastation in many forms, and cyberattacks are part of the hostilities of this conflict. The crisis in Ukraine has elevated cyber risks across the globe, and we urge businesses of all sizes to assess and improve their cyber security measures based on the new risk landscape. Specific actions to be considered include:

1) Organise cyber risk management and resilience

• Increase awareness of phishing attacks and take measures such as warnings for email from outside of your organisation.
• Review your cyber risk landscape. Understand your cyber risks, threats and dependences
• Consider network segmentation-based internet connections and processes in relation to Ukrainian and Russian parties
• Assess your IT service providers regarding cyber risks. Understand the consequences of cyber risks in your supply chain

2) Monitor, detect and communicate

• Introduce stricter monitoring and detection of anomalies in web applications and networks
• Organise communication and information sources regarding new cyber risks and vulnerabilities
• Undertake frequent reporting to the responsible management about monitoring and detection
• Last, but not least, perform regular cyber security assessments and penetration tests on the internet-facing applications and internal network.

3) Prepare incident response

• Assess your cyber incident response procedures and be prepared for recovery following cyber incidents
• Assess your communication plans in case of a cyber incident. Be sure you have off-line lists of your contacts - including insurers, suppliers, external security specialists and legal/government agencies - and all the relevant procedures
• Make sure your backup procedure is working and keep backups off-line
• Backup not only data and software but also all data and assets necessary to recover your system, like configuration data. This also requires an actual insight in all IT-related assets.

No matter how well protected a business is, it’s likely a cyber-attack will affect them at some point: having a recovery plan to minimise the disruption and impact on your business is vital.