Learning lessons
Despite the likelihood of suffering a data breach, most executives don't feel their organisations are very good at learning lessons from past mistakes. A global survey by the Economist Intelligence Unit and Willis Towers Watson found "little consensus among boards and executives on cyber resiliency planning, including the deployment of strategies across the organisation, where to allocate funds, and what areas of the organisation are most at risk." The finding is backed up by a separate survey for IBM. Despite the constant stream of high-profile attacks, 77% of respondents admitted to having no formal cybersecurity incident response plan. Our view is that preparation is an essential part of effective governance. Unfortunately, data breaches will happen; working out how to handle them after the fact is likely to make a bad situation worse.