When a cyberattack occurs, most organizations are unprepared and do not have a consistent incident response plan.

That’s the major takeaway from our third annual “Cyber Resilient Organization” study, conducted by the Ponemon Institute. The study revealed that 77 percent of respondents still lack a formal cybersecurity incident response plan (CSIRP) that is applied consistently across the organization, a figure that is largely unchanged from the previous year’s study.

Read the Ponemon Institute’s Third Annual Study on the Cyber Resilient Organization

Incident Response Preparedness Lags Despite Growing Confidence in Cyber Resilience

Despite this, organizations reported feeling much more cyber-resilient than they did last year. Seventy-two percent said as much, which is a notable increase from just over half of respondents who said they felt more cyber-resilient the previous year.

Digging deeper into the data, however, that feeling may not be accurate. The following findings from the Ponemon study paint a different picture:

  • Fifty-seven percent of respondents said the time to resolve an incident has increased.
  • Only 29 percent reported having the ideal staffing level.
  • Just 31 percent reported having the proper budget for cyber resilience.
  • Lack of investment in important tools such as artificial intelligence (AI) and machine learning was ranked as the biggest barrier to cyber resilience.

Investing in Incident Response to Improve Cyber Resilience

It’s imperative that organizations address these challenges in 2018. Cyberattacks can have large costs associations, such as with WannaCry and NotPetya, and the General Data Protection Regulation (GDPR) is quickly approaching. Not only do organizations lack a consistent incident response plan — a GDPR requirement — but most reported low levels of confidence in complying with GDPR.

Based on the findings of the Ponemon report, organizations can improve their cyber resilience by arming employees with the most modern tools available to aid their work, such as AI and machine learning. Implementing a strategy that orchestrates human intelligence with these tools can help organizations create effective incident response plans.

To learn more about the full results of the Ponemon report, download “The Third Annual Study on the Cyber Resilient Organization” and watch the on-demand webinar: “Growing Your Organization’s Cyber Resilience in 2018.”

Read the Ponemon Institute’s Third Annual Study on the Cyber Resilient Organization

More from Incident Response

Why Crowdsourced Security is Devastating to Threat Actors

Almost every day, my spouse and I have a conversation about spam. Not the canned meat, but the number of unwelcomed emails and text messages we receive. He gets several nefarious text messages a day, while I maybe get one a week. Phishing emails come in waves — right now, I’m getting daily warnings that my AV software license is about to expire. Blocking or filtering has limited success and, as often as not, flags wanted rather than unwanted messages.…

5 Golden Rules of Threat Hunting

When a breach is uncovered, the operational cadence includes threat detection, quarantine and termination. While all stages can occur within the first hour of discovery, in some cases, that's already too late.Security operations center (SOC) teams monitor and hunt new threats continuously. To ward off the most advanced threats, security teams proactively hunt for ones that evade the dashboards of their security solutions.However, advanced threat actors have learned to blend in with their target's environment, remaining unnoticed for prolonged periods. Based…

Everyone Wants to Build a Cyber Range: Should You?

In the last few years, IBM X-Force has seen an unprecedented increase in requests to build cyber ranges. By cyber ranges, we mean facilities or online spaces that enable team training and exercises of cyberattack responses. Companies understand the need to drill their plans based on real-world conditions and using real tools, attacks and procedures. What’s driving this increased demand? The increase in remote and hybrid work models emerging from the COVID-19 pandemic has elevated the priority to collaborate and…

People, Process and Technology: The Incident Response Trifecta

Let's say you are the CISO or IT security lead of your organization, and your incident response program needs an uplift. After making a compelling business case to management for investment, your budget has been approved and expanded. With your newfound wealth, you focus on acquiring technology that will improve your monitoring, detection and analysis of data traffic. Has the incident program really improved by the technology acquisition, or is the uplift merely cosmetic? If no other changes have been…