According to a study issued by consulting firm PwC, nearly half of US companies do not have an active plan to respond to cyber incidents, while 17% do not have any plan at all. Of those in the latter category, one in three survey respondents said they don’t think they need one.
Board attention is also lacking, although the US fares better than the rest of the world. Globally, 27% of boards request information about the company’s cyber readiness more than once a year; that number rises to 40% among US boards.
Cyber-crime ranks second among the types of economic crimes that worry for US companies, just slightly behind concerns about the misappropriation of assets. Furthermore, 88% of surveyed US CEOs rank cyber threats as the greatest threat to growth in the coming year.
Still, fewer than half of the companies surveyed said they have fully trained staff to respond to a cyber crisis. And when they do have people to respond, they are typically members of the IT department and not representatives of the legal staff, human resources department or digital forensic investigators.
Some 52% of companies do not believe that local or federal authorities have the skills or resources to investigate and prosecute economic crimes. Those views come even as 38% of US organizations said they experienced economic crime in the last 24 months.
The annual global survey included nearly 6,300 respondents from 115 countries. They represented 10 industries, including financial services.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now