Is pre-empting a cyber attack on the cards?

Munish Pruthi
Feb 6, 2017 · 2 min read

IBM and Ponemon institute unveiled the results of the annual Cyber Resilient Organization study, which found that only:

  • 32 percent of IT and security professionals say their organization has a high level of Cyber Resilience — down slightly from 35 percent in 2015
  • The 2016 study also found that 66 percent of respondents say their organization is not prepared to recover from cyberattacks
  • For the second straight year, the study showed that challenges with incident response (IR) are hindering Cyber Resilience
  • Seventy-five percent of respondents admit they do not have a formal cyber security incident response plan (CSIRP) that is applied consistently across the organization
  • Of those with a CSIRP in place, 52 percent have either not reviewed or updated the plan since it was put in place, or have no set plan for doing so
  • Additionally, 41 percent say the time to resolve a cyber incident has increased in the past 12 months, compared to only 31 percent who say it has decreased.

“This year’s Cyber Resilience study shows that organizations globally are still not prepared to manage and mitigate a cyberattack,” said John Bruce, CEO and co-founder of Resilient, an IBM Company. “Security leaders can drive significant improvement by making incident response a top priority — focusing on planning, preparation, and intelligence.” Source

Other key takeaways from the study include:

  • Companies are experiencing frequent and successful cyberattacks
  • More than half (53 percent) say they suffered at least one data breach in the past two years
  • 74 percent say they faced threats due to human error in the past year
  • When examining the past two years, 74 percent say they have been compromised by malware on a frequent basis, and 64 percent have been compromised by phishing on a frequent basis
  • Organizations can’t maintain operations effectively or recover quickly post-attack
  • 68 percent don’t believe their organizations have the ability to remain resilient in the wake of a cyberattack
  • 66 percent aren’t confident in their organization’s ability to effectively recover from an attack
  • A lack of planning and preparation is the biggest barrier
  • Only 25 percent have an incident response plan applied consistently across the organization. Twenty-three percent have no incident response plan at all
  • Only 14 percent test their incident response plans more than one time per year
  • 66 percent cite a lack of planning as their organization’s biggest barrier to becoming resilient to cyberattacks
  • Ability to respond to a cyberattack has not improved significantly
  • 48 percent say their organization’s Cyber Resilience has either declined (4 percent) or not improved (44 percent) over the past 12 months
  • 41 percent say the time to resolve a cyber incident has increased or increased significantly, while only 31 percent say it has decreased or decreased significantly

The Secure One

Handpicked cybersecurity, privacy, consulting, and professionalism articles for those who want to be in the know. Also home to inspiring stories in productivity, professional lessons and self improvement. All opinions are my own and not endorsed (yet)!

Munish Pruthi

Written by

I am corporate monkey with a specialism in all things technovision, cyber security, innovation and gadgets.

The Secure One

Handpicked cybersecurity, privacy, consulting, and professionalism articles for those who want to be in the know. Also home to inspiring stories in productivity, professional lessons and self improvement. All opinions are my own and not endorsed (yet)!

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade