The telecom industry is often viewed as belonging to the critical infrastructure sector, where cybersecurity is absolutely essential to business continuity. Yet, despite the fact that 96% of IT/telecom organizations claim to have a comprehensive cyber-response plan, data from a new study done by Semperis shows that these cybersecurity plans aren’t always being well-executed.
The report, “The State of Enterprise Cyber Crisis Readiness,” is based on a global study of 1,000 respondents in not only IT/telecom but in other industries including energy, finance, travel/transportation, education, health care, manufacturing/utilities, and government. The study’s findings show a “dangerous gap” between incident response (IR) plans and their real-world execution, noting that “most organizations aren’t battle-ready when it counts.”
For example, although 96% of companies across all industries covered in the study said they have a cyber-crisis-response plan, 71% experienced at least one high-impact cybersecurity event last year that halted critical business functions — and 36% suffered multiple high-impact events. Nine out of 10 respondents activated their enterprise’s crisis-response plan at least once in the past year, with some activating it more than 25 times.
The study found that despite frequent testing of their cybersecurity incident-response plans, most organizations are not battle-ready because of blockers that hamper carrying out their plans successfully.
Such blockers include cross-team communication gaps, out-of-date response plans, unclear roles and responsibilities, too many disparate tools, and staffing shortages. Semperis noted in the report that enterprises use at least 20 disparate tools, on average, for cyber crisis response.
The study showed that telecom companies, in particular, experienced multiple high-impact cybersecurity events approximately twice as often as companies in other industries. Specifically, 45% of IT/telecom companies studied had at least one high-impact cyber event that halted critical business functions in the past year.
The telecom respondents pointed to both outdated response plans and cross-team communication gaps as the main factors preventing effective cybersecurity response at their organizations.
The study also discovered that almost 20% of telecom organizations don’t conduct tabletop exercises or response-plan audits on a quarterly or monthly basis. In addition, 20% don’t document/update cyber-response playbooks on a quarterly or monthly basis either.
“In today’s cyber threat landscape, the ability to respond swiftly and decisively is just as critical as prevention,” said Chris Inglis, the first U.S. National Cyber Director and strategic advisor at Semperis, in the cybersecurity study. “Companies need a command center for crisis management, ensuring organizations have the playbook, the training, and the coordination needed to turn chaos into control.”
The global cost of cybercrime is projected to be $10.5 trillion in 2025, the study said.
In Telecompetitor’s interview last fall with Shirley Bloomfield, CEO of NTCA–The Rural Broadband Association, she emphasized that every broadband company needs to understand the importance of making cybersecurity a priority.
