Responding to Cybersecurity Incidents Still a Major Challenge for Businesses

IBM Security announced the results of a global study that was conducted by Ponemon Institute. It has found that 77 percent of respondents admit they do not have a formal cyber security incident response plan (CSIRP) applied consistently across their organization. Nearly half of the 2800 respondents reported that their incident response plan is either informal/ad hoc or completely non-existent.

Despite this lack of formal planning, 72 percent of organizations report feeling more Cyber Resilient today than they were last year. Highly resilient organizations (61 percent) attribute their confidence to their ability to hire skilled personnel, but organizations need both technology and people to be Cyber Resilient. In fact, 60 percent of respondents consider a lack of investment in AI and machine learning as the biggest barrier to Cyber Resilience.

This confidence may be misplaced, with the analysis revealing that 57 percent of respondents said the time to resolve an incident has increased, while 65 percent reported the severity of the attacks has increased. These areas represent some of the key factors impacting overall cyber resiliency. These problems are further compounded by just 31 percent of those surveyed having an adequate Cyber Resilience budget in place and difficulty retaining and hiring IT Security professionals (77 percent).

The lack of a consistent CSIRP is a persistent trend each year despite a key finding from IBM’s 2017 Cost of a Data Breach Study. The cost of a data breach was nearly $1 million lower on average when organizations were able to contain the breach in less than thirty days - highlighting the value and importance of having a strong CSIRP.