Cyber Resilience Study: Incident Response Plans and Security Automation Set High Performers Apart

April 11, 2019
| |
3 min read

Today, the Ponemon Institute released its fourth annual “The Cyber Resilient Organization” report. This global study was the first of its kind back in 2015 and has been proudly sponsored by IBM Security since the beginning.

Over time, the importance of cyber resilience within the organization has grown significantly. Security leaders are striving to benchmark the organization’s preparedness and level of security, and measuring cyber resilience is a good reflection of their ability to withstand cyberattacks.

This year’s study queried 3,655 IT and security professionals and covered 11 different global markets: the U.S., Canada, India, Germany, Japan, Brazil, the U.K., France, Australia, the Middle East and Southeast Asia.

Download the Ponemon Report

Benchmarking Cyber Resilience to Identify Best Practices

When we look back on last year’s study, the biggest barrier to cyber resilience was a lack of investment in important tools, such as artificial intelligence (AI) and machine learning. We saw a significant change here with 23 percent of respondents now using security automation, which includes both AI and machine learning, extensively.

As part of this research, we created a benchmark for measuring cyber resilience by isolating the most cyber resilient organizations and uncovering their approaches and habits; we refer to these organizations as high performers. In this year’s study, 960 respondents — 26 percent of the total sample — identified as high performers. Let’s look at some of the key things these organizations are doing differently to achieve this enhanced level of cyber resilience.

First, high performers have response plans. Fifty-five percent of high-performing organizations have a cybersecurity incident response plan (CSIRP) deployed across the organization, as opposed to only 23 percent of the rest of the pool. Meanwhile, 77 percent of businesses do not have a consistently deployed plan. While this figure hasn’t changed significantly in the four years since we started this research, there is a surprisingly large number of organizations that lack this fundamental building block to achieving cyber resilience.

This year, for the first time, we followed up with these respondents to understand what obstacles they faced. Some said they lacked the necessary staffing or strong leadership required to drive this process, while others pointed to difficulties with organizational structure that didn’t support a centralized approach.

It is no surprise, then, that nearly half (46 percent) of respondents said their organization has yet to reach full General Data Protection Regulation (GDPR) compliance nearly a year after the data privacy regulation took effect in May 2018. In future research, we plan to explore the reasons why companies lack a consistent incident response plan.

What Sets High-Performing Organizations Apart?

It’s clear that being a high performer has a positive impact on an organization’s security posture. High performers suffer fewer data breaches (41 percent versus 55 percent) and less disruption caused by cyberattacks. When we look further at the characteristics of high-performing organizations, it comes down to a blend of people, processes and technology.

In terms of people, the skills gap remains a critical barrier for most organizations, with respondents highlighting headcount gaps and the difficulty in hiring and retaining skilled staff as key hurdles. High-performing organizations are better able to address this and, more importantly, have leadership that values these skills and the importance of cyber resilience.

When it comes to processes, more than 55 percent of high-performing organizations have a consistently applied CSIRP, and they are more likely to participate in threat intelligence and data breach sharing partnerships (69 percent versus the average of 56 percent).

Finally, high performers identified IT complexity as a challenge. As a result, these organizations are more likely to have less security solutions deployed (39 versus 45) and to believe they have the right technology footprint to achieve cyber resilience.

Reduce the Cost of a Data Breach With Security Automation

There is a clear need for organizations to establish a strategy to address these challenges and think about how they handle security incidents in the context of the GDPR and other regulations.

The volume and severity of cyberattacks continue to rise, but research has shown that technology adoption around security automation can save organizations up to $1.55 million on the total cost of a data breach, whereas organizations that do not leverage security automation end up realizing a much higher total cost of a data breach.

Register for the Live Webinar on April 30 at 12 p.m. ET to learn more

Larry Ponemon
Chairman and Founder, Ponemon Institute

Dr. Larry Ponemon is the Chairman and Founder of the Ponemon Institute, a research think tank dedicated to advancing privacy and data protection practices. D...
read more