The Ponemon Institute just released its annual “The Cyber Resilient Organization” report, sponsored by IBM Security. In its fifth year, this study takes an in-depth look at organizations’ ability to prevent, detect, contain and respond to cyberattacks. The report examines changes in cyber resilience and identifies approaches and best practices organizations took to improve their overall cyber resilience.

Download the Ponemon report

A cyber resilient enterprise can be defined as one that more effectively prevents, detects, contains and responds to a myriad of serious threats against data, applications and IT infrastructure.

This study is based on surveys with more than 3,400 information technology (IT) and security professionals in 11 global markets: the U.S., Canada, Brazil, the U.K., France, Germany, India, Japan, Australia, the Middle East and Southeast Asia.

Cyber Resilience is Improving but Challenges Remain

Organizations have greatly improved their cyber resilience since 2015: the percent of organizations that achieved a high level of cyber resilience increased from 35% in 2015 to 53% in 2020, growing 51%. Despite an increase in the volume and severity of attacks during the past 12 months, 67% and 64%, respectively, organizations are feeling more confident.

During the same time, cybersecurity incident response plans (CSIRP) have increasingly been adopted, growing 44% since 2015. This is a key indicator of an organization’s ability to respond and contain a cyberattack. Despite this progress, 51% of respondents say their CSIRPs were not applied consistently across the enterprise or, worse, their plan was informal or ad hoc. In addition, nearly one-quarter of organizations did not have an CSIRP at all.

Even among those with a formal CSIRP, only one-third have attack-specific playbooks in place, minimizing their preparedness. Furthermore, only 7% of organizations reviewed their CSIRPs on a regular basis — a figure that did not change much over the last five years.

There also are implications of not using a CSIRP. The study revealed 23% more organizations without an up-to-date CSIRP applied across the business experienced a significant disruption to their IT and business processes, when compared to organizations with an up-to-date, widely applied CSIRP.

Complexity Inhibits Incident Response

Security teams are operating in a disjointed fashion, primarily due to the large number of security solutions and technologies used on a daily basis. According to the report, organizations deploy more than 45 security solutions on average and use 19 different tools when responding to a cybersecurity incident.

Against this backdrop, it is not surprising that an excessive use of disconnected tools can create complex environments and inhibit efficiency. The study also revealed the number of security solutions and technologies an organization used had an adverse effect on its ability to detect, prevent, contain and respond to a cybersecurity incident. Furthermore, companies with a high level of cyber resilience were found to emphasize interoperability to help provide much-needed visibility across multiple vendors’ solutions, while at the same time helping to reduce complexity.

Technology is a Differentiator for High Performers

As part of this research, a benchmark for measuring cyber resilience was created by isolating the most cyber resilient organizations and uncovering their approaches and habits. These organizations are referred to as high performers. In this year’s study, 825 respondents — 24% of the total sample — identified as high performers.

High performers stand out for their use of technology as the primary reason for improvements in cyber resilience. While other organizations cite adding skilled employees as a top reason for improving cyber resilience, high performers have a much stronger focus on technology as a differentiator.

Consider the use of technology by high performers:

  • 57% reported visibility into applications and data as the top reason for improving cyber resilience.
  • 70% cited significant or moderate use of automation to improve operational efficiency and support IT security teams.
  • 63% state the use of cloud services improved cyber resilience.

In addition, high performers outpace other organizations in their preparation; 43% have an enterprise-wide CSIRP applied consistently compared to 20% of other organizations. Furthermore, 50% of high performers have attack-specific playbooks for attacks, such as phishing or distributed denial-of-service (DDoS).Improving Your Cyber Resilience

Findings from this year’s study identify several best practices for organizations to consider to improve their cyber resilience:

  • Be prepared. Implementing a CSIRP that is consistently applied across the enterprise and reviewed on a regular basis, as well as developing attack-specific playbooks tailored to your industry, can help minimize business disruption.
  • Optimize technologies. Technologies, such as automation, analytics, artificial intelligence (AI) and machine learning were leading reasons why organizations improved their cyber resilience.
  • Raise the visibility of cyber resilience. Keeping cyber resilience performance visible to business leaders helps ensure it receives the required level of investment and resources.

To learn more about the results of the fifth annual report on The Cyber Resilient Organization and to hear actionable insights for your organization, join Dr. Larry Ponemon and IBM experts for a webinar at 11 am (EST) on July 23, 2020. You can register for this event here.

Download the Ponemon report

More from CISO

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Boardroom cyber expertise comes under scrutiny

3 min read - Why are companies concerned about cybersecurity? Some of the main drivers are data protection, compliance, risk management and ensuring business continuity. None of these are minor issues. Then why do board members frequently keep their distance when it comes to cyber concerns?A report released last year showed that just 5% of CISOs reported directly to the CEO. This was actually down from 8% in 2022 and 11% in 2021. But even if board members don’t want to get too close…

The CISO’s guide to accelerating quantum-safe readiness

3 min read - Quantum computing presents both opportunities and challenges for the modern enterprise. While quantum computers are expected to help solve some of the world’s most complex problems, they also pose a risk to traditional cryptographic systems, particularly public-key encryption. To ensure their organization’s data remains secure now and in the future, chief information security officers (CISOs) should educate themselves about quantum computing, proactively address the coming quantum risks to cybersecurity and work to establish cryptographic agility in their enterprise.A future cryptographically…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today