The most common cause of a major cybersecurity incident in local government is password misuse (46 percent), followed by a supply chain breach (44 percent), an alert that an analyst missed (41 percent), and technology not detecting the incident (36 percent), according to a new survey of global CISOs in the sector.
When considering the impact of a major cybersecurity incident on their organisation, more than half (51 percent) of global CISOs in local government cited damages paid to third parties. Forty-six percent reported business downtime, 31 percent data loss, and 27 percent revenue loss as having a significant impact, according to the Mind of the CISO: Behind the Breach research by cybersecurity firm Trellix.
With regard to the people, process and technology changes implemented following a major cybersecurity incident, 56 percent of global CISOs in local government created regular reviews of their capabilities, architecture and staffing. Thirty-four percent rethought their overall security strategy, 32 percent implemented new frameworks, and 32 percent invested in more automation and orchestration.
Support from the board after an incident
In the aftermath of a cyber incident, 62 percent of UK CISOs have received what they describe as “a lot more support” from the board. This is a positive shift when compared to previous findings which reported that the vast majority (96 percent) of CISOs found it challenging at the time. However, this largely fails to prevent future incidents.
More than half (58 percent) of UK CISOs have experienced repeated successful attacks in the past five years.
Trellix CEO Bryan Palmer said: “Raising the urgency and cyber literacy of their own board is one of the CISO’s greatest challenges. The research suggests many boards’ willingness to support cybersecurity only happens after an attack. Clearly, it should be the other way around.”
When identifying the causes behind major cybersecurity incidents, more than a third of CISOs said that the wrong technology or incorrect configuration contributed to failures in detecting an attack, and therefore in preventing a subsequent breach.