The EY Fraud Investigation & Dispute Services practice has a global reach. Find out who our country leaders are and how you can get in touch.
Companies continue to face the threat of cyber attacks by various actors, including sovereign states, organized crime and terrorist groups. When they occur, such breaches can have a highly disruptive impact on a company’s operations potentially resulting in higher operating costs, the loss of intellectual property and the leak of confidential information.
In the key growth-target regions of India and Africa, 72% and 58% of respondents, respectively, considered cyber attacks to pose a high risk to companies similar to their own. Overall, almost half of those interviewed shared this view. Given the broad-based recognition of the problem, it is therefore unsurprising that 59% of our respondents believed that their company should have a Cyber Breach Response Program (CBRP) in place.
Respondents to our survey indicated, however, that awareness of such programs differs starkly between senior executives and more junior employees. While over half of all board directors and senior managers feel that their company has a CBRP in place, only 1 in 3 of other employees believed that their company had such a program.
Given that the effectiveness of any CBRP is dependent on the awareness and involvement of the company’s cross-functional stakeholders, this apparent lack of awareness among employees is concerning. If employees do not know how to escalate their concerns, issues that appear minor or localized may be left unreported. This may prevent the company from taking appropriate action to assess, investigate and respond in the event of a potential incident, impacting a company’s ability to reduce the extent of the damage incurred.