June 23, 2016 By Maria Battaglia 3 min read

For most organizations around the world, the concept of global cyber resilience has taken hold — and it’s the standard many are striving to achieve. However, there’s still a great deal of work to be done globally. The state of resilience (and the challenges involved with improving it) varies from region to region.

The Ponemon Institute and IBM Resilient released a series of global studies that explore and benchmark the state of cyber resilience in the U.S., U.K. and Germany. These reports outline the threats and barriers to resilience in each respective country and offer insight on how security teams can build more resilient organizations.

A Conversation About Global Cyber Resilience

To get a more global view of the state of resilience, we spoke with Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. We asked him for his thoughts on how the three countries stack up against one another — and the top lessons to be gleaned from the studies.

IBM RESILIENT: When you look at the global research holistically, what do you find to be most interesting?

PONEMON: One thing we find is that there’s general consensus in all countries on the importance of resilience — not just cyber, but in all aspects. Organizations truly understand they need the ability to maintain their integrity and sustain their business in the face of an array of challenges. It’s a growing concern.

Another lesson we learned is that — despite cultural differences — there’s a lot of symmetry around the globe when it comes to barriers to IT and security. In order for companies everywhere to be resilient, they need to overcome corporate silos and create a cross-functional team that brings different skills to the table.

But a lot of teams don’t press their comrades in other departments and don’t speak each other’s languages. As a result, it creates real barriers for those companies.

IBM RESILIENT: What are the biggest regional differences you found — and why do these differences exist?

PONEMON: We found that Germany, in particular, is sometimes an outlier. It stems from the fact that there are more regulatory requirements in Germany, and the German culture generally includes a high level of security and vigilance — and that includes the cyber realm.

Plus, Germans are more likely to have a comprehensive incident response [IR] plan. It’s not 100 percent true for the country, but German organizations are generally better prepared than the U.S. and U.K. Germany can demonstrate the workflow for a data breach and outperform other countries. The U.S. and U.K. are consistently very similar, but Germans have a more resilient security posture.

IBM RESILIENT: What were you most surprised to find in the global studies?

PONEMON: We saw good news and bad news. The good news is that most organizations globally see the importance of resilience. They’re not just preparing for specific incidents like malware and ransomware but building the mettle to overcome an array of events, through people, process and technology.

That’s the good news: they recognize this.

The bad news is that a lot of global companies also recognize that they’re not resilient today — and it could be catastrophic. And there are a number of challenges: They don’t have the resources allocated — or the right people and skillsets in security that they need.

For others, it just may not be a high priority for organizations’ leadership. They think it’s a technical thing — or a matter for IT. It’s really bad when that happens.

IBM RESILIENT: What immediate steps should U.S. and European Union-based organizations take to improve their cyber resilience?

PONEMON: One of the most critical things we found is that organizations that have an IR plan in place, and that prepare and test their plans, tend to do better than the ones that don’t do the basic blocking and tackling.

Some of these organizations have plans, but it’s wallpaper — they don’t value it. It’s just a checkbox, and it doesn’t accomplish anything.

Security teams need to look at security events like DDoS [denial-of-service], malware, data breaches or PII [personally identifiable information] losses — because each event requires different approaches. They need to find out if they have a plan and if they’re ready for it — and most aren’t. That’s the first step to getting more effective at IR.

Beyond the plan, you need to have a team of people ready to roll. If you don’t have people, outsource it. Companies that do so have a much stronger security profile and cyber resilience. We see that consistently.

**UPDATED** Read the Ponemon Institute’s Third Annual Study on the Cyber Resilient Organization
