11/01/17 The Business Continuity Institute 1

Continuity and Resilience (CORE)

ISO 22301 BCM Consulting Firm

Presentations by speakers at the 5th India Business & IT Resilience Summit

June 1, 2017 at Meluha – The an Ecotel Hotel Mumbai, India

Our Contact Details:

UAE INDIA

Continuity and Resilience P. O. Box 127557

Abu Dhabi, United Arab Emirates Mobile:+971 50 8460530

Tel: +971 2 8152831 Fax: +971 2 8152888

Email: info@coreconsulting.ae

Continuity and Resilience Level 15,Eros Corporate Tower

Nehru Place ,New Delhi-110019 Tel: +91 11 41055534/ +91 11 41613033

Fax: ++91 11 41055535 Email: info@coreconsulting.ae

11/01/17 The Business Continuity Institute 2 2

The BCI Cyber Resilience Report 2017

David West CBCI

11/01/17 The Business Continuity Institute 3

organizations

About the BCI Cyber Resilience Report 2017

countries

• 221 organizations from India – promoted in partnership with Nasscom • Functional roles include business continuity, risk management and IT disaster recovery • Top sectors represented include IT and communications (35%), finance and insurance

(29%) and professional services (14%) • 85% come from large enterprises

745 69

11/01/17 The Business Continuity Institute 4

• Almost three-quarters of Indian organizations (72%) report at least 1 cyber incident in the last 12 months

• Top drivers of disruption include phishing and social engineering (57%), malware (35%) and spear phishing (23%)

• Indian organizations outperform the global average in terms of deploying business continuity arrangements for cyber resilience issues (91% compared to 87%) and top management commitment to cyber resilience (75% compared to 60%)

The headlines

BCI Cyber Resilience Report 2017

11/01/17 The Business Continuity Institute 5

Frequency of cyber disruptions

28

46

9

1 1 3

12

0

1-5

6-10

11-20

21-50

51+

Don’t know

• Almost three-quarters of Indian organizations (72%) report at least 1 cyber incident in the last 12 months

11/01/17 The Business Continuity Institute 6

Drivers of cyber disruptions

15

15

16

16

23

35

46

Insider threat

Out of date software

Denial of service

Ransomware

Spear phishing

Malware

Phishing and social engineering

0 5 10 15 20 25 30 35 40 45 50

• Top drivers of disruption include phishing and social engineering (57%), malware (35%) and spear phishing (23%)

11/01/17 The Business Continuity Institute 7

Cumulative cost of cyber disruptions

80

13

1

2

1 1 0

2

0

Up to €50k

€50-250k

€250-500k

€500k-1m

€1-10m

€10-50m

€50-250m

€250-500m

More than €500m

• 80% of Indian organizations report losses of up to €50,000 due to cyber disruptions in the last 12 months

• 4% of Indian organizations lost at least €1 million during the same time period

11/01/17 The Business Continuity Institute 8

Top management commitment to cyber resilience

75

22

1 0

2

High

Medium

Low

None

Don't know

• Indian organizations outperform the global average in terms of high top management commitment to cyber resilience issues (75% compared to 60%)

11/01/17 The Business Continuity Institute 9

Deploying business continuity arrangements for cyber disruptions

91

4 5

YES

NO

Don't know

• Indian organizations also outperform the global average in terms of deploying business continuity arrangements for cyber disruptions (91% compared to 87%)

11/01/17 The Business Continuity Institute 10

Response time to cyber disruptions

31

31

13

11

14

Less than 1 hour

1-2 hours

2-3 hours

3-4 hours

More than 4 hours

• Almost a third of Indian organizations (31%) respond to cyber disruptions within an hour of its discovery

11/01/17 The Business Continuity Institute 11

Cyber resilience issues What are practitioners saying?

Business continuity strategies must take all potential cyber security events into account, especially with the emergence of large scale cyber-attacks.

Business continuity programmes are beginning to be looked at and invested into as possible strategic assets for cyber resilience.

Business continuity plans get activated when cyber security is a threat, so it is no more a domain only for InfoSec people. The business continuity guys have to widen their scope and knowledge base to cope.

11/01/17 The Business Continuity Institute 12

• Business continuity professionals should collaborate and engage with their cyber/information security colleagues.

• Reputation management remains a key driver in pushing the cyber resilience agenda.

• The cyber resilience of suppliers is expected to increasingly influence organizations’ cyber resilience in turn.

• Legislative and regulatory changes are expected to drive cyber resilience and heavily influence efforts in the area.

Key takeaways

BCI Cyber Resilience Report 2017

11/01/17 The Business Continuity Institute 13

Thank you