Today, the Ponemon Institute released its fourth annual “The Cyber Resilient Organization” report. This global study was the first of its kind back in 2015 and has been proudly sponsored by IBM Security since the beginning.

Over time, the importance of cyber resilience within the organization has grown significantly. Security leaders are striving to benchmark the organization’s preparedness and level of security, and measuring cyber resilience is a good reflection of their ability to withstand cyberattacks.

This year’s study queried 3,655 IT and security professionals and covered 11 different global markets: the U.S., Canada, India, Germany, Japan, Brazil, the U.K., France, Australia, the Middle East and Southeast Asia.

Download the Ponemon Report

Benchmarking Cyber Resilience to Identify Best Practices

When we look back on last year’s study, the biggest barrier to cyber resilience was a lack of investment in important tools, such as artificial intelligence (AI) and machine learning. We saw a significant change here with 23 percent of respondents now using security automation, which includes both AI and machine learning, extensively.

As part of this research, we created a benchmark for measuring cyber resilience by isolating the most cyber resilient organizations and uncovering their approaches and habits; we refer to these organizations as high performers. In this year’s study, 960 respondents — 26 percent of the total sample — identified as high performers. Let’s look at some of the key things these organizations are doing differently to achieve this enhanced level of cyber resilience.

First, high performers have response plans. Fifty-five percent of high-performing organizations have a cybersecurity incident response plan (CSIRP) deployed across the organization, as opposed to only 23 percent of the rest of the pool. Meanwhile, 77 percent of businesses do not have a consistently deployed plan. While this figure hasn’t changed significantly in the four years since we started this research, there is a surprisingly large number of organizations that lack this fundamental building block to achieving cyber resilience.

This year, for the first time, we followed up with these respondents to understand what obstacles they faced. Some said they lacked the necessary staffing or strong leadership required to drive this process, while others pointed to difficulties with organizational structure that didn’t support a centralized approach.

It is no surprise, then, that nearly half (46 percent) of respondents said their organization has yet to reach full General Data Protection Regulation (GDPR) compliance nearly a year after the data privacy regulation took effect in May 2018. In future research, we plan to explore the reasons why companies lack a consistent incident response plan.

What Sets High-Performing Organizations Apart?

It’s clear that being a high performer has a positive impact on an organization’s security posture. High performers suffer fewer data breaches (41 percent versus 55 percent) and less disruption caused by cyberattacks. When we look further at the characteristics of high-performing organizations, it comes down to a blend of people, processes and technology.

In terms of people, the skills gap remains a critical barrier for most organizations, with respondents highlighting headcount gaps and the difficulty in hiring and retaining skilled staff as key hurdles. High-performing organizations are better able to address this and, more importantly, have leadership that values these skills and the importance of cyber resilience.

When it comes to processes, more than 55 percent of high-performing organizations have a consistently applied CSIRP, and they are more likely to participate in threat intelligence and data breach sharing partnerships (69 percent versus the average of 56 percent).

Finally, high performers identified IT complexity as a challenge. As a result, these organizations are more likely to have less security solutions deployed (39 versus 45) and to believe they have the right technology footprint to achieve cyber resilience.

Reduce the Cost of a Data Breach With Security Automation

There is a clear need for organizations to establish a strategy to address these challenges and think about how they handle security incidents in the context of the GDPR and other regulations.

The volume and severity of cyberattacks continue to rise, but research has shown that technology adoption around security automation can save organizations up to $1.55 million on the total cost of a data breach, whereas organizations that do not leverage security automation end up realizing a much higher total cost of a data breach.

Register for the Live Webinar on April 30 at 12 p.m. ET to learn more

More from CISO

Bridging the 3.4 Million Workforce Gap in Cybersecurity

As new cybersecurity threats continue to loom, the industry is running short of workers to face them. The 2022 (ISC)2 Cybersecurity Workforce Study identified a 3.4 million worldwide cybersecurity worker gap; the total existing workforce is estimated at 4.7 million. Yet despite adding workers this past year, that gap continued to widen. Nearly 12,000 participants in that study felt that additional staff would have a hugely positive impact on their ability to perform their duties. More hires would boost proper…

CEO, CIO or CFO: Who Should Your CISO Report To?

As we move deeper into a digitally dependent future, the growing concern of data breaches and other cyber threats has led to the rise of the Chief Information Security Officer (CISO). This position is essential in almost every company that relies on digital information. They are responsible for developing and implementing strategies to harden the organization's defenses against cyberattacks. However, while many organizations don't question the value of a CISO, there should be more debate over who this important role…

Everyone Wants to Build a Cyber Range: Should You?

In the last few years, IBM X-Force has seen an unprecedented increase in requests to build cyber ranges. By cyber ranges, we mean facilities or online spaces that enable team training and exercises of cyberattack responses. Companies understand the need to drill their plans based on real-world conditions and using real tools, attacks and procedures. What’s driving this increased demand? The increase in remote and hybrid work models emerging from the COVID-19 pandemic has elevated the priority to collaborate and…

Why Quantum Computing Capabilities Are Creating Security Vulnerabilities Today

Quantum computing capabilities are already impacting your organization. While data encryption and operational disruption have long troubled Chief Information Security Officers (CISOs), the threat posed by emerging quantum computing capabilities is far more profound and immediate. Indeed, quantum computing poses an existential risk to the classical encryption protocols that enable virtually all digital transactions. Over the next several years, widespread data encryption mechanisms, such as public-key cryptography (PKC), could become vulnerable. Any classically encrypted communication could be wiretapped and is…