New BAE Systems research reveals human error still major vulnerability in network security

Organisations have long focused their cybersecurity positioning around prevention; however, with the sophistication and frequency of attacks increasing, more organisations are beginning to prioritize incident response teams, groups of specialists trained to address and defeat attacks that make it past existing protections. Today, BAE Systems released insights from its new incident response report, which shines a light on the cause of these breaches.

BAE Systems surveyed board-level executives, IT decision makers, and information security professionals to understand the current state of corporate incident response capabilities and readiness. Organizations ranged from governmental agencies to healthcare and technology firms, and from small (less than 500 employees) to large (more than 10,000 employees) enterprises.

Human error continues to be a major concern. A major finding from the results showcase how many of the organizational breaches are caused by human error, with attackers preying on human nature and employees making honest — but costly — mistakes in the course of their daily routine.

· 71 per cent of incidents were phishing attacks.
· 65 per cent were untargeted viruses or malware.

Incident response teams are dealing with an increasing number of incidents per month

· 66 per cent of organizations responded to between one and 25 cybersecurity incidents per month
· 26 per cent of organizations responded to between 25 and 99 incidents per month.
· Nearly 8 per cent responded to 100 or more incidents per month.

Many organizations are just not prepared to respond to cyber threats.

· 23 per cent of incident response teams do not conduct readiness exercises with senior management, missing an opportunity for both executive buy-in and staff skill development.
· 22 per cent only have temporary or no incident response resources in place.

To help with this business challenge, BAE Systems has published its2019 incident response report, ‘Why Ignoring Incident Response Could Spell Disaster,’ which includes a checklist to help companies document their existing security preparedness. To learn more about incident response and download the report, visit

Related Posts