(image courtesy: Clint Patterson/Unsplash)
Scott Shackelford is assoc. professor of business law & ethics at the IU Kelley School of Business. (photo provided)
In a first-of-its-kind study for the state, researchers from the Indiana University Kelley School of Business say nearly 20% of survey respondents say they had experienced a cyberattack in the past three years.
The research team surveyed more than 300 public and private organizations across the Hoosier state to gauge the state of preparedness against cyber risks.
The findings come from the report “State of Hoosier Cybersecurity 2020,” which was prepared for the Indiana Executive Council on Cybersecurity.
In an interview with Inside INdiana Business, Scott Shackelford, associate professor of business law and ethics, said the study was an opportunity to see what Indiana organizations are doing to safeguard their systems.
“This is the first time we have a state-level snapshot of both cyber hygiene practices as well as how businesses and local governments are using cyber risk insurance as a tool to mitigate the risks they face,” said Shackelford, who co-authored the report.
Shackelford, who also chairs the IU Cybersecurity program, says while about one-fifth of respondents indicated they had experienced a successful cyber incident since 2017, another 67% had not. The remaining 13% were not even sure if they had been attacked or declined to answer the question.
“Indiana organizations are by and large aware of the multifaceted cyber threats facing them, but the vast majority have not created incident response plans for how to manage data breaches that could result from these threats,” said Shackelford.
He says 16% said they either did not have a plan in place or were unsure about what to do to prevent cyberattacks.
“It’s clear from this first-of-its-kind report that while most Hoosier organizations are aware that cyber threats exist, most do not have a clear understanding of how to prevent or respond to cyberattacks,” said Indiana Attorney General Curtis Hill.
Hill’s office is pushing for the adoption of a safe harbor rule in Indiana which would give businesses a better understanding of how to protect consumers’ data and reward businesses who comply with steps laid out in the rule.
“Hoosiers’ data is at risk because some businesses do not take proactive measures to protect themselves and the consumers they serve from cyberattackers, and some simply do not know what precautions they ought to take,” said Hill.
The study was conducted in conjunction with the Indiana Business Research Council and the University of Arizona.
To view the report, click here.
Study co-author Scott Shackelford said the study provides a broad view of cybersecurity risks in Indiana.
Shackelford said a big risk for companies is the unidentified chain of command for cyber security.