NEW YORK, March 1, 2018 /PRNewswire/ -- When it comes to responding to a cyber security attack, healthcare leaders point to serious gaps in the processes about how to respond to a breach, particularly about training and being informed about standard operating procedures, according to a poll conducted by KPMG LLP, the U.S. tax, audit and advisory firm.
"To borrow a phrase from the movie Cool Hand Luke, 'what we've got here is a failure to communicate,' and that certainly applies to healthcare organizations in their cyber-attack protocols and response plans," said Michael Ebert, Partner, and KPMG's cyber leader for healthcare. "Healthcare IT leaders need communicate more effectively and frequently about the tremendous risks and potential ramifications tied to cyber incidents, and that includes training. If you look at cyber strategy as needing people, processes and technology, many organizations are falling short on the process."
In polling 154 healthcare & life sciences leaders, KPMG found that more than half (51%) of respondents say that written operating procedures about how to respond to a cyber-attack either don't exist or they are unaware of what those standards are for responding to varying types of cyber events and elevated incidence that impact an organization. With so many different types of threats, from insider threats, to malware, to direct hacking and penetration, organizations need to have multiple cyber response plans and process as well as simulate these through annual "war games."
The KPMG poll, which was conducted during the KPMG webcast, It's not a question of if you will experience a breach, it's a question of when. Are you able to respond to today's cyber threats?, also found:
- 29 percent of respondents did not know what actions an organization took once a cyber-attack or data breach was resolved. Technology upgrades were seen by 15 percent of respondents and training was improved at another 14 percent. Staffing or leadership were changed in a combined 17 percent of respondents' organizations. Another 24 percent responded that they didn't have a breach.
- 25 percent of respondents said data compromises after a cyber-attack were resolved within a day and another 15 percent said "a few days" and 16 percent found the issue to linger more than a week.
- Lack of training was the biggest weakness in cyber security defenses (29 percent), topping dealing with third parties (20 percent).
- The loss of confidential information from a cyber-attack was the biggest source of damage from a breach (41 percent), but the second largest response was "reputation damage" at 27 percent.
About KPMG LLP
KPMG is one of the world's leading professional services firms, providing innovative business solutions and audit, tax, and advisory services to many of the world's largest and most prestigious organizations.
KPMG is widely recognized for being a great place to work and build a career. Our people share a sense of purpose in the work we do, and a strong commitment to community service, inclusion and diversity, and eradicating childhood illiteracy.
KPMG LLP is the independent U.S. member firm of KPMG International Cooperative ("KPMG International"). KPMG International's independent member firms have 197,000 professionals working in 154 countries. Learn more at www.kpmg.com/us.
SOURCE KPMG LLP