Research reveals businesses lack confidence in their own plans to manage cyber attacks

Research reveal lack confidence in plans to manage cyber attacks
Only 9% of UK businesses are totally confident in their cyber breach mitigation plans
BAE Systems has released new research into how businesses can react to a cyber incident. The study found that just 9% of UK businesses feel totally confident in their organisation’s cyber breach mitigation plan. Despite continuing news of cyber attacks and data breaches every day, the findings indicate that businesses are still struggling to establish plans that will help them deal with this 21st century threat.
The responses by sector reveal that no companies surveyed from the manufacturing industry are totally confident in their organisation’s cyber breach mitigation plan. This is followed by:
  • 5% from ‘other’ commercial sectors
  • 7% from retail, distribution and transport
  • 10% from IT
  • 15% from business and professional services 
  • 15% from financial services
James Hatch, Cyber Services Director at BAE Systems Applied Intelligence, said:
“Many organisations still see dealing with a cyber security breach as a black swan event, something significant and unexpected that in hindsight could have been prevented, and have not yet made their mitigation plans business as usual. Effective management of cyber breaches requires businesses to be organised and prepared for the threats that they face, with a clear process in place. Everyone involved should be confident in what they need to do.”
When asked what was their most important tool in identifying a cyber-attack quickly, almost half (48%) said that technology is their most important tool, with people coming second at 32%. Just 15% named process – but organisations need to deploy a combination of people, process and technology in order to be cyber resilient.
Hatch commented:
“There are two problems. Most organisations struggle to deal with something beyond the experience of their people. Each time existing experience is stretched it can cause an emotional reaction within organisations. They have to prepare for these new experiences and learn how to handle in the future. External specialists can help but are most effective when their involvement and arrangements for mobilisation, access and communication are defined in advance. There is absolutely a role for technology and automation, especially in reducing the workload involved in dealing with routine incidents so that security teams have the bandwidth to deal with what really matters.
“The range of incidents that an organisation can face varies hugely from ransomware outbreaks to covert targeted attacks to accidental data breaches. But that doesn’t mean that businesses cannot be prepared for all of these eventualities. The key is to differentiate the routine from the unusual and the urgent from the important and prepare for each with the right combination of technology and automation, people and skills, policy and process. Once this is done, cyber breaches become more manageable and less emotional.”
To discuss further, please visit BAE Systems at RSA in the North Expo hall, Booth 3735; several live on-booth presentations will be held daily. On Tuesday, April 17th at 2:20pm, Colin McKinty will be speaking in the North Expo Briefing Center on “The Evolution of Cyber Crime: A New Approach to Risk is Critical.”
For further information, please contact:
BAE Systems

Nick Haigh, BAE Systems
M: +44 (0) 7525 390982
Bite Communications 
Holly Ledlin, Bite Communications 
M: +44 (0) 7827 917023

Notes for Editors 

About the Research
The data contained in this release comes from 300 IT decision makers in the UK and the US, from organizations with 1000 employees or more, in a variety of commercial sectors. Interviews were conducted in February 2018, and were undertaken online using a rigorous multi-level screening process to ensure that only suitable candidates were given the opportunity to participate.
The research was conducted independently by Vanson Bourne, an independent specialist in market research for the technology sector. Their reputation for robust and credible research-based analysis is founded upon rigorous research principles and their ability to seek the opinions of senior decision makers across technical and business functions, in all business sectors and all major markets. For more information, visit

Cyber Incident Response Survey Results Infographic

Cyber Incident Response Survey Results Infographic - Click to View Full Infographic

Cyber Incident Response Survey Results Infographic - Click to View Full Infographic

About BAE Systems
At BAE Systems, we provide some of the world’s most advanced technology defence, aerospace and security solutions. We employ a skilled workforce of 82,500 people in over 40 countries. Working with customers and local partners, our products and services deliver military capability, protect people and national security, and keep critical information and infrastructure secure.
At BAE Systems Applied Intelligence, we help nations, governments and businesses around the world defend themselves against cybercrime, reduce their risk in the connected world, comply with regulation, and transform their operations. For further information about BAE Systems Applied Intelligence, please visit: 
Issued by:
BAE Systems plc
Media hotline: + 44 (0) 7801 717739
Ref: 048/2018