Businesses are often not sure their data breach response plans meet requirements despite a continuing escalation in cyber threats, a Gallagher Australia report has found.

“The main motivation for any business owner or leader to manage cyber risk is the consideration that a cyber incident is perhaps inevitable in our current digital landscape, regardless of the level of confidence you may have in your cyber security posture,” Gallagher says.

The 2021 Gallagher Australia Cyber Insights Report reflects more than 600 survey responses from organisations and looks at key risk areas as well as prevention and protection.

When it comes to having a data breach response plan or cyber incident response plan that meets business and regulatory requirements, 8% of respondents say they are extremely confident, 20% confident, 34% somewhat confident, 24% not so confident and 14% not confident at all.

Only 43% say they are extremely confident or confident that their business has sufficient insurance to cover the associated costs of a cyber incident.

“Cyber threats dramatically escalated in 2020 and this negative trend has continued into the first quarter of 2021,” Gallagher says.

“While politically motivated strike forces mount attacks against institutions and government organisations, the most common threat is from ordinary hackers managing to stay one step ahead of both business and regulators, which has been overwhelming for some organisations.”

The report highlights that cyber criminals will often look for vulnerabilities in a vendor’s security systems as a way of getting into a target’s network, since supplier networks can be comparatively more vulnerable.

But only 28% of respondents are confident their third-party suppliers would have sufficient insurance to cover cyber breach costs.