The Ponemon Institute just released its annual “The Cyber Resilient Organization” report, sponsored by IBM Security. In its fifth year, this study takes an in-depth look at organizations’ ability to prevent, detect, contain and respond to cyberattacks. The report examines changes in cyber resilience and identifies approaches and best practices organizations took to improve their overall cyber resilience.

Download the Ponemon report

A cyber resilient enterprise can be defined as one that more effectively prevents, detects, contains and responds to a myriad of serious threats against data, applications and IT infrastructure.

This study is based on surveys with more than 3,400 information technology (IT) and security professionals in 11 global markets: the U.S., Canada, Brazil, the U.K., France, Germany, India, Japan, Australia, the Middle East and Southeast Asia.

Cyber Resilience is Improving but Challenges Remain

Organizations have greatly improved their cyber resilience since 2015: the percentage of organizations that achieved a high level of cyber resilience increased from 35% in 2015 to 53% in 2020, growing 51%. Despite an increase in the volume (67%) and severity (64%) of attacks during the past 12 months, organizations are feeling more confident.

During the same time, cybersecurity incident response plans (CSIRP) have increasingly been adopted, growing 44% since 2015. This is a key indicator of an organization’s ability to respond to and contain a cyberattack. Despite this progress, 51% of respondents say their CSIRPs were not applied consistently across the enterprise or, worse, their plan was informal or ad hoc. In addition, nearly one-quarter of organizations did not have a CSIRP at all.

Even among those with a formal CSIRP, only one-third have attack-specific playbooks in place, which limits their preparedness. Furthermore, only 7% of organizations reviewed their CSIRPs on a regular basis, a figure that did not change much over the last five years.

There also are implications of not using a CSIRP. The study revealed 23% more organizations without an up-to-date CSIRP applied across the business experienced a significant disruption to their IT and business processes, when compared to organizations with an up-to-date, widely applied CSIRP.

Complexity Inhibits Incident Response

Security teams are operating in a disjointed fashion, primarily due to the large number of security solutions and technologies used on a daily basis. According to the report, organizations deploy more than 45 security solutions on average and use 19 different tools when responding to a cybersecurity incident.

Against this backdrop, it is not surprising that an excessive use of disconnected tools can create complex environments and inhibit efficiency. The study also revealed the number of security solutions and technologies an organization used had an adverse effect on its ability to detect, prevent, contain and respond to a cybersecurity incident. Furthermore, companies with a high level of cyber resilience were found to emphasize interoperability to help provide much-needed visibility across multiple vendors’ solutions, while at the same time helping to reduce complexity.

Technology is a Differentiator for High Performers

As part of this research, a benchmark for measuring cyber resilience was created by isolating the most cyber resilient organizations and uncovering their approaches and habits. These organizations are referred to as high performers. In this year’s study, 825 respondents — 24% of the total sample — identified as high performers.

High performers stand out for their use of technology as the primary reason for improvements in cyber resilience. While other organizations cite adding skilled employees as a top reason for improving cyber resilience, high performers have a much stronger focus on technology as a differentiator.

Consider the use of technology by high performers:

  • 57% reported visibility into applications and data as the top reason for improving cyber resilience.
  • 70% cited significant or moderate use of automation to improve operational efficiency and support IT security teams.
  • 63% state the use of cloud services improved cyber resilience.

In addition, high performers outpace other organizations in their preparation; 43% have an enterprise-wide CSIRP applied consistently compared to 20% of other organizations. Furthermore, 50% of high performers have attack-specific playbooks for attacks, such as phishing or distributed denial-of-service (DDoS).

Improving Your Cyber Resilience

Findings from this year’s study identify several best practices for organizations to consider to improve their cyber resilience:

  • Be prepared. Implementing a CSIRP that is consistently applied across the enterprise and reviewed on a regular basis, as well as developing attack-specific playbooks tailored to your industry, can help minimize business disruption.
  • Optimize technologies. Technologies such as automation, analytics, artificial intelligence (AI) and machine learning were leading reasons why organizations improved their cyber resilience.
  • Raise the visibility of cyber resilience. Keeping cyber resilience performance visible to business leaders helps ensure it receives the required level of investment and resources.

To learn more about the results of the fifth annual report on The Cyber Resilient Organization and to hear actionable insights for your organization, join Dr. Larry Ponemon and IBM experts for a webinar at 11 am (EST) on July 23, 2020. You can register for this event here.
