The Ponemon Institute just released its annual “The Cyber Resilient Organization” report, sponsored by IBM Security. In its fifth year, this study takes an in-depth look at organizations’ ability to prevent, detect, contain and respond to cyberattacks. The report examines changes in cyber resilience and identifies approaches and best practices organizations took to improve their overall cyber resilience.

Download the Ponemon report

A cyber resilient enterprise can be defined as one that more effectively prevents, detects, contains and responds to a myriad of serious threats against data, applications and IT infrastructure.

This study is based on surveys with more than 3,400 information technology (IT) and security professionals in 11 global markets: the U.S., Canada, Brazil, the U.K., France, Germany, India, Japan, Australia, the Middle East and Southeast Asia.

Cyber Resilience is Improving but Challenges Remain

Organizations have greatly improved their cyber resilience since 2015: the percent of organizations that achieved a high level of cyber resilience increased from 35% in 2015 to 53% in 2020, growing 51%. Despite an increase in the volume and severity of attacks during the past 12 months, 67% and 64%, respectively, organizations are feeling more confident.

During the same time, cybersecurity incident response plans (CSIRP) have increasingly been adopted, growing 44% since 2015. This is a key indicator of an organization’s ability to respond and contain a cyberattack. Despite this progress, 51% of respondents say their CSIRPs were not applied consistently across the enterprise or, worse, their plan was informal or ad hoc. In addition, nearly one-quarter of organizations did not have an CSIRP at all.

Even among those with a formal CSIRP, only one-third have attack-specific playbooks in place, minimizing their preparedness. Furthermore, only 7% of organizations reviewed their CSIRPs on a regular basis — a figure that did not change much over the last five years.

There also are implications of not using a CSIRP. The study revealed 23% more organizations without an up-to-date CSIRP applied across the business experienced a significant disruption to their IT and business processes, when compared to organizations with an up-to-date, widely applied CSIRP.

Complexity Inhibits Incident Response

Security teams are operating in a disjointed fashion, primarily due to the large number of security solutions and technologies used on a daily basis. According to the report, organizations deploy more than 45 security solutions on average and use 19 different tools when responding to a cybersecurity incident.

Against this backdrop, it is not surprising that an excessive use of disconnected tools can create complex environments and inhibit efficiency. The study also revealed the number of security solutions and technologies an organization used had an adverse effect on its ability to detect, prevent, contain and respond to a cybersecurity incident. Furthermore, companies with a high level of cyber resilience were found to emphasize interoperability to help provide much-needed visibility across multiple vendors’ solutions, while at the same time helping to reduce complexity.

Technology is a Differentiator for High Performers

As part of this research, a benchmark for measuring cyber resilience was created by isolating the most cyber resilient organizations and uncovering their approaches and habits. These organizations are referred to as high performers. In this year’s study, 825 respondents — 24% of the total sample — identified as high performers.

High performers stand out for their use of technology as the primary reason for improvements in cyber resilience. While other organizations cite adding skilled employees as a top reason for improving cyber resilience, high performers have a much stronger focus on technology as a differentiator.

Consider the use of technology by high performers:

  • 57% reported visibility into applications and data as the top reason for improving cyber resilience.
  • 70% cited significant or moderate use of automation to improve operational efficiency and support IT security teams.
  • 63% state the use of cloud services improved cyber resilience.

In addition, high performers outpace other organizations in their preparation; 43% have an enterprise-wide CSIRP applied consistently compared to 20% of other organizations. Furthermore, 50% of high performers have attack-specific playbooks for attacks, such as phishing or distributed denial-of-service (DDoS).Improving Your Cyber Resilience

Findings from this year’s study identify several best practices for organizations to consider to improve their cyber resilience:

  • Be prepared. Implementing a CSIRP that is consistently applied across the enterprise and reviewed on a regular basis, as well as developing attack-specific playbooks tailored to your industry, can help minimize business disruption.
  • Optimize technologies. Technologies, such as automation, analytics, artificial intelligence (AI) and machine learning were leading reasons why organizations improved their cyber resilience.
  • Raise the visibility of cyber resilience. Keeping cyber resilience performance visible to business leaders helps ensure it receives the required level of investment and resources.

To learn more about the results of the fifth annual report on The Cyber Resilient Organization and to hear actionable insights for your organization, join Dr. Larry Ponemon and IBM experts for a webinar at 11 am (EST) on July 23, 2020. You can register for this event here.

Download the Ponemon report

More from CISO

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

Why security orchestration, automation and response (SOAR) is fundamental to a security platform

3 min read - Security teams today are facing increased challenges due to the remote and hybrid workforce expansion in the wake of COVID-19. Teams that were already struggling with too many tools and too much data are finding it even more difficult to collaborate and communicate as employees have moved to a virtual security operations center (SOC) model while addressing an increasing number of threats.  Disconnected teams accelerate the need for an open and connected platform approach to security . Adopting this type of…

The evolution of a CISO: How the role has changed

3 min read - In many organizations, the Chief Information Security Officer (CISO) focuses mainly — and sometimes exclusively — on cybersecurity. However, with today’s sophisticated threats and evolving threat landscape, businesses are shifting many roles’ responsibilities, and expanding the CISO’s role is at the forefront of those changes. According to Gartner, regulatory pressure and attack surface expansion will result in 45% of CISOs’ remits expanding beyond cybersecurity by 2027.With the scope of a CISO’s responsibilities changing so quickly, how will the role adapt…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today