More than three-quarters of businesses lack a formal cyber security incident response plan

Published: Tuesday, 20 March 2018 09:01

IBM Security has published the results of a global study exploring the factors and challenges of being a cyber resilient organization. The study was conducted by Ponemon Institute and sponsored by IBM and found that 77 percent of respondents admit they do not have a formal cyber security incident response plan (CSIRP) applied consistently across their organization. Nearly half of the respondents reported that their incident response plan is either informal/ad hoc or completely non-existent.

Despite this lack of formal planning, 72 percent of organizations report feeling more cyber resilient today than they were last year. Highly resilient organizations (61 percent) attribute their confidence to their ability to hire skilled personnel – but organizations need both technology and people to be cyber resilient. In fact, 60 percent of respondents consider a lack of investment in AI and machine learning as the biggest barrier to cyber resilience.

This confidence may be misplaced, with the analysis revealing that 57 percent of respondents said the time to resolve an incident has increased, while 65 percent reported that the severity of the attacks has increased. These areas represent some of the key factors impacting overall cyber resiliency. These problems are further compounded by just 31 percent of those surveyed having an adequate cyber resilience budget in place and difficulty retaining and hiring IT security professionals (77 percent).

About the study

‘The 2018 Cyber Resilient Organization’ is the third annual benchmark study on cyber resilience – an organization’s ability to maintain its core purpose and integrity in the face of cyber attacks. The global survey features insight from more than 2,800 security and IT professionals from around the world, including the United States, United Kingdom, France, Germany, Brazil, Asia-Pacific, Middle East, and Australia.

More details.