41 percent say the time to resolve a cyber incident has increased in the past 12 months, compared to only 31 percent who say it has decreased.
“This year’s Cyber Resilience study shows that organisations globally are still not prepared to manage and mitigate a cyberattack,” said John Bruce, CEO and co-founder of Resilient, an IBM Company, (IBM bought Resilient in April 2016) “Security leaders can drive significant improvement by making incident response a top priority – focusing on planning, preparation, and intelligence.”
According to respondents, an incident response platform (IRP) is among the most effective security technologies for helping organisations become Cyber Resilient, along with identity management and authentication, and intrusion detection and prevention systems.
The study also uncovered common barriers to Cyber Resilience. The majority – 66 percent – say “insufficient planning and preparedness” is the top barrier to Cyber Resilience. Respondents also indicate that the complexity of IT and businesses processes is increasing faster than their ability to prevent, detect, and respond to cyberattacks – leaving businesses vulnerable. This year, 46 percent of respondents say the “complexity of IT processes” is a significant barrier to achieving a high level of Cyber Resilience, up from 36 percent in 2015. Fifty-two percent say “complexity of business processes” is a significant barrier, up from 47 percent in 2015.
Conducted by the Ponemon Institute and sponsored by Resilient, The 2016 Cyber Resilient Organization measures an organisation’s ability to maintain its core purpose and integrity in the face of cyberattacks.
The global survey features insight from more than 2,400 security and IT professionals from around the world, including the United States, United Kingdom, France, Germany, United Arab Emirates, Brazil, and Australia.
The survey shows that the majority of companies are still not taking the proper steps to plan an effective and comprehensive response plan but show that incident response will become a greater priority within the next several years.
“While companies are seeing the value of deploying an incident response plan, there is still a lag in having the appropriate people, processes, and technologies in place,” said Dr. Larry Ponemon. “We are encouraged that this is becoming a more important part of an overall IT security strategy.”
Key takeaways from the study include:
Companies are experiencing frequent and successful cyberattacks
More than half (53 percent) say they suffered at least one data breach in the past two years
74 percent say they faced threats due to human error in the past year
When examining the past two years, 74 percent say they have been compromised by malware on a frequent basis, and 64 percent have been compromised by phishing on a frequent basis
Organisations can’t maintain operations effectively or recover quickly post-attack
68 percent don’t believe their organisations have the ability to remain resilient in the wake of a cyberattack
66 percent aren’t confident in their organisation’s ability to effectively recover from an attack
A lack of planning and preparation is the biggest barrier
Only 25 percent have an incident response plan applied consistently across the organisation. Twenty-three percent have no incident response plan at all
Only 14 percent test their incident response plans more than one time per year
66 percent cite a lack of planning as their organisation’s biggest barrier to becoming resilient to cyberattacks
Ability to respond to a cyberattack has not improved significantly
48 percent say their organisation’s Cyber Resilience has either declined (4 percent) or not improved (44 percent) over the past 12 months
41 percent say the time to resolve a cyber incident has increased or increased significantly, while only 31 percent say it has decreased or decreased significantly
IBM Security announced new facilities, services and software as part of a $200 million investment made this year. These investments include a new global security headquarters in Cambridge, Mass. which features the industry’s first physical Cyber Range for the commercial sector, where participants experience preparing for and responding to cyber attacks using live malware and real-world scenarios.
IBM also expanded capabilities and capacity for its global network of IBM X-Force Command Centers which now handle over 1 trillion security events per month. These security operations centers are staffed by 1,400 security professionals who will use cognitive technologies like Watson for client services, including chat sessions and data delivery, as well as Watson for Cybersecurity to quickly address cyber security events.
This article is from the CBROnline archive: some formatting and images may not be present.
Join Our Newsletter
Want more on technology leadership?
Sign up for Tech Monitor's weekly newsletter, Changelog, for the latest insight and analysis delivered straight to your inbox.