Incident Response Plans Still Lacking: Study

Friday, March 23, 2018 @ 04:03 PM gHale

It is hard to believe in this day of heightened security awareness, but 77 percent of respondents do not have a formal cybersecurity incident response plan applied consistently across their organization, new research found.

Nearly half of the 2,800 respondents said their incident response plan is either informal/ad hoc or completely non-existent, according to a report conducted by the Ponemon Institute and sponsored by IBM Resilient.

Attacks Hike with Geopolitical Events: Report
Cybersecurity Spending to Jump 33%
Strategic Malware Attacks Grow: Report
Possible to Hack Windows 10 Via Voice

“The 2018 Cyber Resilient Organization” is the third annual benchmark study on cyber resilience — an organization’s ability to maintain its core purpose and integrity in the face of cyberattacks.

The global survey features insight from security and IT professionals from around the world, and in different industries.

Despite this lack of formal planning, 72 percent of organizations reported feeling more “cyber resilient” today than they were last year.

Highly-resilient organizations (61 percent) attribute their confidence to their ability to hire skilled personnel, but organizations need both technology and people to be cyber resilient.

Along those lines, 60 percent of respondents consider a lack of investment in AI and machine learning as the biggest barrier to cyber resilience.

This confidence may be misplaced, however, according to the researchers. The analysis revealed 57 percent of respondents said the time to resolve an incident has increased, while 65 percent reported the severity of the attacks has increased. These areas represent some of the key factors impacting overall cyber resiliency. These problems are further compounded by just 31 percent of those surveyed having an adequate cyber resilience budget in place and difficulty retaining and hiring IT security professionals (77 percent).

Other takeaways from the study include:
• Staffing for cyber resilience-related activities is inadequate
• The second-biggest barrier to cyber resilience was having insufficient skilled personnel dedicated to cyber security
• 29 percent of respondents reported having ideal staffing to achieve cyber resilience
• 50 percent said their organization’s current CISO or security leader has been in place for three years or less
• 23 percent report they do not currently have a CISO or security leader.

Click here to register for the report.

Leave a Reply

You must be logged in to post a comment.