BSI research reveals one in three organizations are unprepared for a cyber incident

Research by the cybersecurity and information resilience team at BSI shows that over a third of organizations are unprepared for a cyber incident, with one in six highlighting that they have experienced a COVID-19 related data breach and cyber-attack in the past six months.

The BSI research was conducted as part of a readiness to reopen and new hybrid office dynamic campaign to understand the levels of cybersecurity preparedness in the current environment.

Across the globe organizations are adapting their working structures, staggering teams in the office, or working from home to adhere to government health guidance regarding physical distancing and employee wellbeing. This hybrid working model, a mix of office and home, presents a range of challenges, most notably around cybersecurity where the threat landscape continues to increase.

Stephen O’Boyle, Global Head of Cybersecurity and Information Resilience Services at BSI, explains: “Today, it’s not a question of whether a breach will take place, it’s a question of how the business can manage it when it happens. Incident response is a critical component of defence should an attack take place, so making sure you are prepared is essential for the continuity and sustainability of the business.”

Readiness to reopen
Considering the changes to the way many organizations do business now, and when asked how cybersecurity ready organizations are to reopen the office, the following responses were highlighted:

• Physical security - 66 percent prepared
• Business continuity - 74 percent prepared
• Operations security - 73 percent prepared
• Network security - 75 percent prepared
• Security governance - 75 percent prepared

“Organizations should re-evaluate system changes to security operation functions that they may have made suddenly to get the business operating remotely when work from home was first required, and now determine whether those changes are still appropriate,” says Stephen.

“This includes network security as well as identity and access management (IAM) configurations. Similarly, security governance covering risk registers and corporate policies will need to be updated to align to the new operating environment, in the office and at home or an alternative remote location.”

“COVID-19 has highlighted just how vital it is to have a robust plan in place that anticipates low likelihood or high impact eventualities and how best to deal with them. While 74 percent of our survey respondents are prepared to react to a disaster event, that left 26 percent who are not, and we would advise those companies to address this quickly,” says Stephen.

Managing business continuity helps to ensure organizational and information resilience. By mitigating continuity risks, organizations gain resilience over their ability to deal with disruption consistently. Simple steps like defining roles and responsibilities for co-ordination, makes a response effort more efficient. Returning to operational capacity quickly also builds client confidence and often reduces the financial impact of disruptions should they occur.

The Consulting Services team at BSI provides an expansive range of solutions to help organizations address challenges in cybersecurity, information management and privacy, security awareness and compliance. For more information visit

Notes on Research:

Research took place as part of BSI cybersecurity and information resilience series on readiness to reopen the office and the new Hybrid office dynamic. Respondents to the research included C-Suite, Director, Management and Middle Management positions. Respondent sectors covered banking and finance, food and retail ICT and telecoms, manufacturing, and engineering as well as pharma/healthcare and medical devices, transport and logistics and professional services.