Security Incidents
and Awareness Planning
Cyber Attacks and Damages
The results show that 26.5% of the enterprises have suffered 'cyber attacks' in the past. More than 30% of the large companies whose IT department has 11+ staff have encountered this problem. This means that the larger the business, the more easily it becomes a target.
Experienced Cyber Attacks
Source: This report (2020)
Security Incident Reporting and Solution Assistance
Regarding the internal process for reporting incidents/attacks, 63.9% say they always escalate the issue to business owners regardless of severity. This shows that the majority of companies report incidents to the highest level of management in their incident handling mechanism.
In the event of security incidents, half of the enterprises will ask TWCERT/CC for help, especially businesses in hospitality. The percentage does not differ by size of business. In contrast, 40.5% of the companies do not seek help from external organizations, mainly businesses in manufacturing and SMEs.
n=529
Source: This report (2020)
Security Concerns
Whether or not the respondents have encountered cyber attacks previously, their biggest concern is in both cases 'data loss' (30%): the exposure of confidential data or the leakage of customer/operation data could subsequently impact daily operation/production.
Another 10% are concerned about 'cyber attacks,' including being hacked, system intrusion or DDoS. Nearly 10% are also worried about the 'human factor,' meaning staff who lack awareness or who conceal a cyber attack without reporting it.
Troubles When Handling Security Incidents
Source: This report (2020)
Enterprise Security Planning
Items to be selected/prioritized in internal security plans include 'staff', 'hardware' and 'software.' 'Staff' has the highest percentage, meaning corporations value employees' security literacy the most. Respondents who work in other industries and those whose IT department has 11+ staff show a higher percentage than others.
Internal Security Priorities
Staff: Staff training, regular courses, information
Hardware: Using security-related hardware/equipment and taking preventive measures
Software: Using security-related software appliances and taking preventive measures
As to where corporate security requirements come from, 'internal consensus' tops the list, with more than half of the respondents ranking it first, followed by 'regulatory requirement.' In comparison, 'competition within the industry' and 'industry norm' are two weaker motives.
Source of Security Requirement
Source: This report (2020)
Attitude Towards Security Planning
Concerning industry security awareness, a scale of 1 to 5 is used to evaluate the pro-activeness in security planning of the company's decision makers, as well as the attitudes of industry peers and upstream/downstream business partners. For pro-activeness within one's own organization, the majority of respondents rate it 4 (36.5%) or 5 (24.8%) points, and the average score is 3.8.
Attitude Towards Security Planning
n=529
Source: This report (2020)
Attitudes Toward Industry Security Planning
n=529
Source: This report (2020)