The current information security landscape is rapidly evolving. According to the latest research from IBM Security and the Ponemon Institute’s 2020 Cyber Resilient Organization Report, 67% of organizations reported that the volume of attacks had significantly increased over the past 12 months. It’s not just the amount of attacks that grew; 64% of organizations also saw an increase in the severity of the attacks. Roughly 53% of responding organizations experienced a data breach involving more than 1,000 records within the last two years.

This growing volume of severe attacks is disruptive to information technology (IT) and business processes, resulting in an increased interest in cyber resilience. More and more enterprises are shifting away from a purely defensive security posture. Instead, companies are embracing a holistic approach to creating a security-conscious culture. They are cultivating a cyber resilience mindset with the ability to prevent, detect, contain and recover from threats against data, applications and IT infrastructure.

Organizations designated as “high performers” in cyber resilience outperformed others in all areas of IT security in the 2020 Cyber Resilient Organization Report.The gap between high performers and the others was largest when it came to detecting and containing attacks.

Building cyber resilience isn’t simple or easy. But, it clearly can be worthwhile if you start with the right framework and approach best suited for your company.

What is Cyber Resilience?

Cyber resilience refers to an organization’s ability to keep operating when cyberattacks or other adverse events affecting IT systems occur. It goes beyond protecting against threats, defending against attacks and remediating incidents to encompass the ability to withstand all types of cyber events.

The concept of achieving cyber resilience can be likened to the idea of continuous improvement in management theory. Enterprises can make a series of small changes to organizational cultures, technology stacks and policies and procedures on an ongoing basis. This ultimately cultivates increased resilience — the ability to prevent data breaches and business process disruptions in the face of cyber incidents — over time.

Building Cyber Resilience

High performing organizations leverage automation, cloud services and interoperable solutions to prevent attacks and rapidly intervene in those already in progress. They also build attack-specific and enterprise-wide incident response plans to foster consistency and effective collaboration when attacks do occur. 

This year’s Cyber Resilient Organization Report outlines four key areas enterprises must focus on to be effective if they are to bolster cyber resilience overall.


Prevention is the area in which the largest number of enterprises have made the most improvements. In fact, prevention may even be over-emphasized; 56% of the responding organizations use the number of cyberattacks prevented as a measure of their overall cyber resilience, rather than considering a more global array of metrics.

However, leaders of high-performing enterprises still report a great deal of confidence in their organizations’ abilities to prevent cyberattacks. This confidence may be due to their more frequent use of automation, artificial intelligence and machine learning than their lower-performing peers. As a general trend, enterprises that employ automated solutions in risk and vulnerability assessment and configuration management benefit by improving visibility and freeing up resources for higher-value tasks.

Detection: Identify Signs of Compromise Quickly

Speedy time-to-detection prevents incidents from escalating into breaches and reduces overall remediation costs. However, complexity often becomes the enemy of rapid and accurate identification of malicious activity.

Nearly 30% of the respondents in the Cyber Resilient Report use more than 50 separate security solutions and technologies. Companies with more than 50 security tools in place actually ranked 8% lower in their ability to detect attacks than those running fewer disparate solutions. The interoperability challenges and environmental complexity within these solutions impact efficiency and slow down detection.

Automated solutions that can be integrated across multiple tools and platforms within your environment can help enhance visibility into applications and data. These tools can reduce overall complexity, allowing security teams to make better decisions about how to spend their time and attention.

Containment: Processes and Workflows for Rapid Remediation

Top performers are doing a much better job of responding to and containing incidents than their less-resilient counterparts. They outperformed other organizations by 35% according to this year’s Report.

A key differentiator may be their greater commitment to preparation and planning. Roughly 43% of high performers use an enterprise-wide cybersecurity incident response plan, whereas only 20% of other organizations do. High performers are also more likely to review and test this plan regularly and apply it consistently. In addition, they’re more likely to develop attack-specific response plans for the types of attacks most prevalent in their industry.

The lesson is that planning is invaluable. Formalizing playbooks that outline incident containment and response procedures can greatly reduce the time it’ll take to contain attacks, as well as limit the eventual scope.


Response is another area where high performers’ capabilities far exceed the majority of their peers. We’re already noted that high-performers are more likely to be leveraging automated tools.

The same tools that improve a security team’s ability to prevent and detect attacks may also improves their performance when responding to and containing incidents. Any tool that increases analysts’ overall operational efficiency will give them more time to spend on their most valuable activities.

Overall, cyber resilient organizations outperform their peers in every aspect of IT security operations. Creating cyber resilience starts with building strong and collaborative organization-wide cultures where data privacy and security are valued. An organization also needs to focus on wise technology investments to improve security operational performance. They should understand that more tools do not necessarily add up to stronger security. Instead it should focus on implementing those, such as automation of mundane tasks and routine workflows, that can make security analysts’ jobs easier, more creative and more fulfilling.

Want to learn more best practices from this year’s top performing enterprises? Download the 2020 Cyber Resilient Organization Report.

More from CISO

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Boardroom cyber expertise comes under scrutiny

3 min read - Why are companies concerned about cybersecurity? Some of the main drivers are data protection, compliance, risk management and ensuring business continuity. None of these are minor issues. Then why do board members frequently keep their distance when it comes to cyber concerns?A report released last year showed that just 5% of CISOs reported directly to the CEO. This was actually down from 8% in 2022 and 11% in 2021. But even if board members don’t want to get too close…

The CISO’s guide to accelerating quantum-safe readiness

3 min read - Quantum computing presents both opportunities and challenges for the modern enterprise. While quantum computers are expected to help solve some of the world’s most complex problems, they also pose a risk to traditional cryptographic systems, particularly public-key encryption. To ensure their organization’s data remains secure now and in the future, chief information security officers (CISOs) should educate themselves about quantum computing, proactively address the coming quantum risks to cybersecurity and work to establish cryptographic agility in their enterprise.A future cryptographically…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today