1. 11/01/17 The Business Continuity Institute 1
Continuity and Resilience (CORE)
ISO 22301 BCM Consulting Firm
Presentations by speakers at the
5th India Business & IT Resilience Summit
June 1, 2017 at Meluha – The an Ecotel Hotel
Mumbai, India
Our Contact Details:
UAE INDIA
Continuity and Resilience
P. O. Box 127557
Abu Dhabi, United Arab Emirates
Mobile:+971 50 8460530
Tel: +971 2 8152831
Fax: +971 2 8152888
Email: info@coreconsulting.ae
Continuity and Resilience
Level 15,Eros Corporate Tower
Nehru Place ,New Delhi-110019
Tel: +91 11 41055534/ +91 11 41613033
Fax: ++91 11 41055535
Email: info@coreconsulting.ae
2. 11/01/17 The Business Continuity Institute 22
The BCI Cyber Resilience Report 2017
David West CBCI
3. 11/01/17 The Business Continuity Institute 3
organizations
About the BCI Cyber Resilience Report 2017
countries
• 221 organizations from India – promoted in partnership with Nasscom
• Functional roles include business continuity, risk management and IT disaster recovery
• Top sectors represented include IT and communications (35%), finance and insurance
(29%) and professional services (14%)
• 85% come from large enterprises
745 69
4. 11/01/17 The Business Continuity Institute 4
• Almost three-quarters of Indian organizations (72%) report at least 1 cyber
incident in the last 12 months
• Top drivers of disruption include phishing and social engineering (57%), malware
(35%) and spear phishing (23%)
• Indian organizations outperform the global average in terms of deploying
business continuity arrangements for cyber resilience issues (91% compared to
87%) and top management commitment to cyber resilience (75% compared to
60%)
The headlines
BCI Cyber Resilience Report 2017
5. 11/01/17 The Business Continuity Institute 5
Frequency of cyber disruptions
28
46
9
1
1 3
12
0
1-5
6-10
11-20
21-50
51+
Don’t know
• Almost three-quarters of Indian organizations (72%) report at least 1 cyber incident in
the last 12 months
6. 11/01/17 The Business Continuity Institute 6
Drivers of cyber disruptions
15
15
16
16
23
35
46
Insider threat
Out of date software
Denial of service
Ransomware
Spear phishing
Malware
Phishing and social engineering
0 5 10 15 20 25 30 35 40 45 50
• Top drivers of disruption include phishing and social engineering (57%), malware (35%)
and spear phishing (23%)
7. 11/01/17 The Business Continuity Institute 7
Cumulative cost of cyber disruptions
80
13
1
2
1 1 0
2
0
Up to €50k
€50-250k
€250-500k
€500k-1m
€1-10m
€10-50m
€50-250m
€250-500m
More than €500m
• 80% of Indian organizations report losses of up to €50,000 due to cyber disruptions in
the last 12 months
• 4% of Indian organizations lost at least €1 million during the same time period
8. 11/01/17 The Business Continuity Institute 8
Top management commitment to cyber resilience
75
22
1 0
2
High
Medium
Low
None
Don't know
• Indian organizations outperform the global average in terms of high top management
commitment to cyber resilience issues (75% compared to 60%)
9. 11/01/17 The Business Continuity Institute 9
Deploying business continuity arrangements for
cyber disruptions
91
4
5
YES
NO
Don't know
• Indian organizations also outperform the global average in terms of deploying business
continuity arrangements for cyber disruptions (91% compared to 87%)
10. 11/01/17 The Business Continuity Institute 10
Response time to cyber disruptions
31
31
13
11
14
Less than 1 hour
1-2 hours
2-3 hours
3-4 hours
More than 4 hours
• Almost a third of Indian organizations (31%) respond to cyber disruptions within an
hour of its discovery
11. 11/01/17 The Business Continuity Institute 11
Cyber resilience issues
What are practitioners saying?
Business continuity strategies must take all
potential cyber security events into account,
especially with the emergence of large scale
cyber-attacks.
Business continuity programmes are beginning
to be looked at and invested into as possible
strategic assets for cyber resilience.
Business continuity plans get activated when cyber
security is a threat, so it is no more a domain only for
InfoSec people. The business continuity guys have to
widen their scope and knowledge base to cope.
12. 11/01/17 The Business Continuity Institute 12
• Business continuity professionals should collaborate and engage with their
cyber/information security colleagues.
• Reputation management remains a key driver in pushing the cyber resilience
agenda.
• The cyber resilience of suppliers is expected to increasingly influence
organizations’ cyber resilience in turn.
• Legislative and regulatory changes are expected to drive cyber resilience and
heavily influence efforts in the area.
Key takeaways
BCI Cyber Resilience Report 2017