Top barrier to cyber-resilience: 'insufficient planning and preparedness'
As Boromir might have said, "One does not simply assume cyber-resilience"
Only 32 percent of IT and security professionals say their organisation has a high level of cyber-resilience.
New research from Resilient, an IBM Company, and the Ponemon Institute discovered that poor incident response is hindering cyber-resilience. The global study collected responses from more than 2400 security and IT pros from the UK, US, France, Germany, United Arab Emirates, Brazil and Australia.
Two-thirds of respondents reported that their organisation is not prepared to recover from cyber-attacks. Furthermore, 75 percent admitted that they do not have a formal cyber-security incident response plan applied consistently across the organisation and 23 percent have no plan at all.
“Organisations globally are still not prepared to manage and mitigate a cyber-attack. Security leaders can drive significant improvement by making incident response a top priority – focusing on planning, preparation and intelligence,” said John Bruce, CEO and co-founder of Resilient.
According to respondents, an incident response platform is one of the most effective security technologies for helping organisations become cyber-resilient, along with identity management and authentication, and intrusion detection and prevention systems.
More than half (53 percent) said they suffered at least one data breach in the past two years. Over the same period, 74 percent said they have been compromised by malware on a frequent basis and 64 percent said they have been compromised by phishing on a frequent basis.
Sixty-eight percent don't believe their organisations can remain resilient in the event a cyber-attack occurs and 66 percent are not confident in their company's ability to effectively recover from an attack.
“While companies are seeing the value of deploying an incident response plan, there is still a lag in having the appropriate people, processes and technologies in place. We are encouraged that this is becoming a more important part of an overall IT security strategy,” said Dr Larry Ponemon, chairman and founder of the Ponemon Institute.