Good Cyber Incident Response Is A Competitive Advantage

Did you know that leaning into your cyber risks can be a source of competitive advantage? Here’s a stunning data point that makes my case.

This year, the NTT Group (Japanese AT&T) released their 4th annual Global Threat Intelligence Report (GTIR). Similar to the Verizon Data Breach Incident Report, the NTT report…

…analyzes attacks, threats and trends from the previous year, pulling information from 24 security operations centers, seven R&D centers, 3.5 trillion logs, 6.2 billion attacks and nearly 8,000 security clients across six continents.

Here’s one of their most striking findings:

Trend data over the last 3 years illustrates on average only 23 percent of organizations are capable of responding effectively to a cyber incident. 77 percent have no capability to respond to critical incidents and often purchase incident response support services after an incident has occurred.

You can find this supporting chart on page 47:

Screenshot 2016-05-02 07.50.21

My initial reaction is that executives are planning for cyber attacks as they do for 100-year floods: We’ll deal with it, if it ever happens.

Given the frequency and severity of the attacks documented in the rest of the report, and all over the news media, that’s not lined up at all with the reality of today’s cyber risks!

But back to the opportunity for competitive advantage: What if your fiercest competitor was a member of the 77% and was cyber-attacked? They could expect to bleed cash and be distracted for months.

Now what if you were one of the 23% able to effectively respond to a major cybersecurity incident? How would that boost digital trust with your customers and partners? How much reputation would you save by having your experts get out in front of the story? And, how much more quickly could you get back to working on what’s most important to your business?

By the way, if you want a glimpse at data breach response done very well, check out this critique of Anthem BlueCross BlueShield’s 2015 data breach.

If you want to see a poorly done example, here’s a critique of TalkTalk’s slow, awkward response.

Which one would you rather be?