Impact Assessment Instrument and observed frequencies among respondents (n = 55)
| Impact item . | Degree of severity (3-point ordinal scale) . | ||
|---|---|---|---|
| 1 = Low . | 2 = Medium . | 3 = High . | |
| Business continuity disruption timeframe (n = 52) | Up to 1 week (65%) | Up to 2 weeks (14%) | More than 2 weeks (21%) |
| Recovery time (n = 51) | Up to 1 week (59%) | Up to 1 month (22%) | Several months or more, if at all (19%) |
| Affected devices (n = 53) | One or more user devices, possibly including shares on one or more servers (53%) | Several devices and more than one server; or where a central server is encrypted affecting not just individual users but the functioning of a whole department (19%) | All or majority of devices, completely or almost completely crippling IT systems (28%) |
| Encrypted information critical to business (n = 51) | Some data compromised, but nothing critical (29%) | Data critical to some business functions of low to medium priority (24%) | Data critical to majority of business functions, or some high priority function(s) (47%) |
| Information loss (n = 47) | No loss or some loss acceptable with incremental backups (57%) | Loss affecting some critical business functions (32%) | Loss affecting all or majority of critical business functions (11%) |
| Overall impact severity (composite score) (n = 55) | Low (27%) | Medium (20%) | High (53%) |
| Impact item . | Degree of severity (3-point ordinal scale) . | ||
|---|---|---|---|
| 1 = Low . | 2 = Medium . | 3 = High . | |
| Business continuity disruption timeframe (n = 52) | Up to 1 week (65%) | Up to 2 weeks (14%) | More than 2 weeks (21%) |
| Recovery time (n = 51) | Up to 1 week (59%) | Up to 1 month (22%) | Several months or more, if at all (19%) |
| Affected devices (n = 53) | One or more user devices, possibly including shares on one or more servers (53%) | Several devices and more than one server; or where a central server is encrypted affecting not just individual users but the functioning of a whole department (19%) | All or majority of devices, completely or almost completely crippling IT systems (28%) |
| Encrypted information critical to business (n = 51) | Some data compromised, but nothing critical (29%) | Data critical to some business functions of low to medium priority (24%) | Data critical to majority of business functions, or some high priority function(s) (47%) |
| Information loss (n = 47) | No loss or some loss acceptable with incremental backups (57%) | Loss affecting some critical business functions (32%) | Loss affecting all or majority of critical business functions (11%) |
| Overall impact severity (composite score) (n = 55) | Low (27%) | Medium (20%) | High (53%) |
Note: Overall n = 55 but item response rates ranged from 85% (47) to 96% (53).
Impact Assessment Instrument and observed frequencies among respondents (n = 55)
| Impact item . | Degree of severity (3-point ordinal scale) . | ||
|---|---|---|---|
| 1 = Low . | 2 = Medium . | 3 = High . | |
| Business continuity disruption timeframe (n = 52) | Up to 1 week (65%) | Up to 2 weeks (14%) | More than 2 weeks (21%) |
| Recovery time (n = 51) | Up to 1 week (59%) | Up to 1 month (22%) | Several months or more, if at all (19%) |
| Affected devices (n = 53) | One or more user devices, possibly including shares on one or more servers (53%) | Several devices and more than one server; or where a central server is encrypted affecting not just individual users but the functioning of a whole department (19%) | All or majority of devices, completely or almost completely crippling IT systems (28%) |
| Encrypted information critical to business (n = 51) | Some data compromised, but nothing critical (29%) | Data critical to some business functions of low to medium priority (24%) | Data critical to majority of business functions, or some high priority function(s) (47%) |
| Information loss (n = 47) | No loss or some loss acceptable with incremental backups (57%) | Loss affecting some critical business functions (32%) | Loss affecting all or majority of critical business functions (11%) |
| Overall impact severity (composite score) (n = 55) | Low (27%) | Medium (20%) | High (53%) |
| Impact item . | Degree of severity (3-point ordinal scale) . | ||
|---|---|---|---|
| 1 = Low . | 2 = Medium . | 3 = High . | |
| Business continuity disruption timeframe (n = 52) | Up to 1 week (65%) | Up to 2 weeks (14%) | More than 2 weeks (21%) |
| Recovery time (n = 51) | Up to 1 week (59%) | Up to 1 month (22%) | Several months or more, if at all (19%) |
| Affected devices (n = 53) | One or more user devices, possibly including shares on one or more servers (53%) | Several devices and more than one server; or where a central server is encrypted affecting not just individual users but the functioning of a whole department (19%) | All or majority of devices, completely or almost completely crippling IT systems (28%) |
| Encrypted information critical to business (n = 51) | Some data compromised, but nothing critical (29%) | Data critical to some business functions of low to medium priority (24%) | Data critical to majority of business functions, or some high priority function(s) (47%) |
| Information loss (n = 47) | No loss or some loss acceptable with incremental backups (57%) | Loss affecting some critical business functions (32%) | Loss affecting all or majority of critical business functions (11%) |
| Overall impact severity (composite score) (n = 55) | Low (27%) | Medium (20%) | High (53%) |
Note: Overall n = 55 but item response rates ranged from 85% (47) to 96% (53).
This PDF is available to Subscribers Only
View Article Abstract & Purchase OptionsFor full access to this pdf, sign in to an existing account, or purchase an annual subscription.
