Story image

Businesses confident about their 'cyber resilience' - but 77% don't have an incident response plan

19 Mar 18

The journey to becoming a ‘cyber resilient’ organization throws up all kinds of challenges but despite an apparent lack of planning, most are confident about their strategy than they were last year.

That is according to IBM and Ponemon’s latest Third Annual Study on the Cyber Resilient Organization, which polled 2800 respondents from Asia Pacific, Australia, the United States, the United Kingdom, France, Germany, Brazil, and the Middle East.

While 77% say they don’t have a formal cybersecurity incident response plan (CSIRP), 72% say they feel more cyber resilient today than they were in 2017.

They attribute that increase to their ability to hire skilled employees (61%) and 29% say they have ideal staffing to achieve cyber resilience. 77% have trouble retaining cybersecurity professionals.

IBM warns that organizations need technology and people to be truly cyber resilient.

“Organizations may be feeling more cyber resilient today, and the biggest reason why was hiring skilled personnel,” comments IBM VP of product management, Ted Julian.

According to the study, a lack of cybersecurity professionals was the biggest barrier to cyber resilience. 50% say their current CISO or security leader has been in their organisations for three years or less and 23% say they don’t have a CISO or security leader at all.

“Having the right staff in place is critical but arming them with the most modern tools to augment their work is equally as important. A response plan that orchestrates human intelligence with machine intelligence is the only way security teams are going to get ahead of the threat and improve overall cyber resilience," Julian continues.

The biggest barrier to cyber resilience, according to respondents, is a lack of investment in machine learning and AI.  31% say they have an adequate cyber resilience budget in place.

Despite increased confidence in staffing ability, this may not translate into breach prevention effectiveness.

57% of respondents say their time to resolve an incident has increased and 65% say the severity of attacks has increased.

With GDPR coming into effect from May 2018, the survey also discovered that organizations are not ready.

77% do not have an incident response plan that is applied consistently across their entire enterprise.

“A sharp focus in a few crucial areas can make a big difference when it comes to cyber resilience,” comments Dr. Larry Ponemon.

IBM’s 2017 Cost of a Data Breach Study also found that when organizations are able to contain a breach within 30 days, it could shave $1 million off the financial costs.

IBM says this highlights the value and importance of having a cybersecurity incident response plan.

“Ensuring the security function is equipped with a proper incident response plan, staffing, and budget will lead to a stronger security posture and better overall cyber resilience," Ponemon concludes.

What MSPs can learn from Datto’s Channel Ransomware Report
While there have been less high profile attacks making the headlines, the frequency of attacks is, in fact, increasing.
Cisco expands security capabilities of SD­-WAN portfolio
Until now, SD-­WAN solutions have forced IT to choose between application experience or security.
AlgoSec delivers native security management for Azure Firewall
AlgoSec’s new solution will allow a central management capability for Azure Firewall, Microsoft's new cloud-native firewall-as-a-service.
How to configure your firewall for maximum effectiveness
ManageEngine offers some firewall best practices that can help security admins handle the conundrum of speed vs security.
Exclusive: Why Australian enterprises are prime targets for malware attacks
"Only 14% of Australian organisations are continuously training employees to spot cyber attacks."
Exclusive: Why botnets will swarm IoT devices
“What if these nodes were able to make autonomous decisions with minimal supervision, use their collective intelligence to solve problems?”
Bitdefender announces security integration with Kaseya
The new partnership will allow VSA by Kaseya’s cloud and on-premises users to deploy and manage security with Bitdefender Cloud Security for MSPs.
Why you should leverage a next-gen firewall platform
Through full lifecycle-based threat detection and prevention, organisations are able to manage the entire threat lifecycle without adding additional solutions.