June 30, 2020 By Larry Ponemon
Stephanie Torto
3 min read


The Ponemon Institute just released its annual “The Cyber Resilient Organization” report, sponsored by IBM Security. In its fifth year, this study takes an in-depth look at organizations’ ability to prevent, detect, contain and respond to cyberattacks. The report examines changes in cyber resilience and identifies approaches and best practices organizations took to improve their overall cyber resilience.

Download the Ponemon report

A cyber resilient enterprise can be defined as one that more effectively prevents, detects, contains and responds to a myriad of serious threats against data, applications and IT infrastructure.

This study is based on surveys with more than 3,400 information technology (IT) and security professionals in 11 global markets: the U.S., Canada, Brazil, the U.K., France, Germany, India, Japan, Australia, the Middle East and Southeast Asia.

Cyber Resilience is Improving but Challenges Remain

Organizations have greatly improved their cyber resilience since 2015: the percent of organizations that achieved a high level of cyber resilience increased from 35% in 2015 to 53% in 2020, growing 51%. Despite an increase in the volume and severity of attacks during the past 12 months, 67% and 64%, respectively, organizations are feeling more confident.

During the same time, cybersecurity incident response plans (CSIRP) have increasingly been adopted, growing 44% since 2015. This is a key indicator of an organization’s ability to respond and contain a cyberattack. Despite this progress, 51% of respondents say their CSIRPs were not applied consistently across the enterprise or, worse, their plan was informal or ad hoc. In addition, nearly one-quarter of organizations did not have an CSIRP at all.

Even among those with a formal CSIRP, only one-third have attack-specific playbooks in place, minimizing their preparedness. Furthermore, only 7% of organizations reviewed their CSIRPs on a regular basis — a figure that did not change much over the last five years.

There also are implications of not using a CSIRP. The study revealed 23% more organizations without an up-to-date CSIRP applied across the business experienced a significant disruption to their IT and business processes, when compared to organizations with an up-to-date, widely applied CSIRP.

Complexity Inhibits Incident Response

Security teams are operating in a disjointed fashion, primarily due to the large number of security solutions and technologies used on a daily basis. According to the report, organizations deploy more than 45 security solutions on average and use 19 different tools when responding to a cybersecurity incident.

Against this backdrop, it is not surprising that an excessive use of disconnected tools can create complex environments and inhibit efficiency. The study also revealed the number of security solutions and technologies an organization used had an adverse effect on its ability to detect, prevent, contain and respond to a cybersecurity incident. Furthermore, companies with a high level of cyber resilience were found to emphasize interoperability to help provide much-needed visibility across multiple vendors’ solutions, while at the same time helping to reduce complexity.

Technology is a Differentiator for High Performers

As part of this research, a benchmark for measuring cyber resilience was created by isolating the most cyber resilient organizations and uncovering their approaches and habits. These organizations are referred to as high performers. In this year’s study, 825 respondents — 24% of the total sample — identified as high performers.

High performers stand out for their use of technology as the primary reason for improvements in cyber resilience. While other organizations cite adding skilled employees as a top reason for improving cyber resilience, high performers have a much stronger focus on technology as a differentiator.

Consider the use of technology by high performers:

  • 57% reported visibility into applications and data as the top reason for improving cyber resilience.
  • 70% cited significant or moderate use of automation to improve operational efficiency and support IT security teams.
  • 63% state the use of cloud services improved cyber resilience.

In addition, high performers outpace other organizations in their preparation; 43% have an enterprise-wide CSIRP applied consistently compared to 20% of other organizations. Furthermore, 50% of high performers have attack-specific playbooks for attacks, such as phishing or distributed denial-of-service (DDoS).Improving Your Cyber Resilience

Findings from this year’s study identify several best practices for organizations to consider to improve their cyber resilience:

  • Be prepared. Implementing a CSIRP that is consistently applied across the enterprise and reviewed on a regular basis, as well as developing attack-specific playbooks tailored to your industry, can help minimize business disruption.
  • Optimize technologies. Technologies, such as automation, analytics, artificial intelligence (AI) and machine learning were leading reasons why organizations improved their cyber resilience.
  • Raise the visibility of cyber resilience. Keeping cyber resilience performance visible to business leaders helps ensure it receives the required level of investment and resources.

To learn more about the results of the fifth annual report on The Cyber Resilient Organization and to hear actionable insights for your organization, join Dr. Larry Ponemon and IBM experts for a webinar at 11 am (EST) on July 23, 2020. You can register for this event here.

Download the Ponemon report

More from CISO

Empowering cybersecurity leadership: Strategies for effective Board engagement

4 min read - With the increased regulation surrounding cyberattacks, more and more executives are seeing these attacks for what they are - serious threats to business operations, profitability and business survivability. But what about the Board of Directors? Are they getting all the information they need? Are they aware of your organization’s cybersecurity initiatives? Do they understand why those initiatives matter? Maybe not. According to Harvard Business Review, only 47% of board members regularly engage with their CISO. There appears to be a…

The evolution of 20 years of cybersecurity awareness

3 min read - Since 2004, the White House and Congress have designated October National Cybersecurity Awareness Month. This year marks the 20th anniversary of this effort to raise awareness about the importance of cybersecurity and online safety. How have cybersecurity and malware evolved over the last two decades? What types of threat management tools surfaced and when? The Cybersecurity Awareness Month themes over the years give us a clue. 2004 - 2009: Inaugural year and beyond This early period emphasized general cybersecurity hygiene,…

C-suite weighs in on generative AI and security

3 min read - Generative AI (GenAI) is poised to deliver significant benefits to enterprises and their ability to readily respond to and effectively defend against cyber threats. But AI that is not itself secured may introduce a whole new set of threats to businesses. Today IBM’s Institute for Business Value published “The CEO's guide to generative AI: Cybersecurity," part of a larger series providing guidance for senior leaders planning to adopt generative AI models and tools. The materials highlight key considerations for CEOs…

Bringing threat intelligence and adversary insights to the forefront: X-Force Research Hub

3 min read - Today defenders are dealing with both a threat landscape that’s constantly changing and attacks that have stood the test of time. Innovation and best practices co-exist in the criminal world, and one mustn’t distract us from the other. IBM X-Force is continuously observing new attack vectors and novel malware in the wild, as adversaries seek to evade detection innovations. But we also know that tried and true tactics — from phishing and exploiting known vulnerabilities to using compromised credentials and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today