The Ponemon Institute just released its annual “The Cyber Resilient Organization” report, sponsored by IBM Security. In its fifth year, this study takes an in-depth look at organizations’ ability to prevent, detect, contain and respond to cyberattacks. The report examines changes in cyber resilience and identifies approaches and best practices organizations took to improve their overall cyber resilience.

A cyber resilient enterprise can be defined as one that more effectively prevents, detects, contains and responds to a myriad of serious threats against data, applications and IT infrastructure.

This study is based on surveys with more than 3,400 information technology (IT) and security professionals in 11 global markets: the U.S., Canada, Brazil, the U.K., France, Germany, India, Japan, Australia, the Middle East and Southeast Asia.

Cyber Resilience is Improving but Challenges Remain

Organizations have greatly improved their cyber resilience since 2015: the percent of organizations that achieved a high level of cyber resilience increased from 35% in 2015 to 53% in 2020, growing 51%. Despite an increase in the volume and severity of attacks during the past 12 months, 67% and 64%, respectively, organizations are feeling more confident.

During the same time, cybersecurity incident response plans (CSIRP) have increasingly been adopted, growing 44% since 2015. This is a key indicator of an organization’s ability to respond and contain a cyberattack. Despite this progress, 51% of respondents say their CSIRPs were not applied consistently across the enterprise or, worse, their plan was informal or ad hoc. In addition, nearly one-quarter of organizations did not have an CSIRP at all.

Even among those with a formal CSIRP, only one-third have attack-specific playbooks in place, minimizing their preparedness. Furthermore, only 7% of organizations reviewed their CSIRPs on a regular basis — a figure that did not change much over the last five years.

There also are implications of not using a CSIRP. The study revealed 23% more organizations without an up-to-date CSIRP applied across the business experienced a significant disruption to their IT and business processes, when compared to organizations with an up-to-date, widely applied CSIRP.

Complexity Inhibits Incident Response

Security teams are operating in a disjointed fashion, primarily due to the large number of security solutions and technologies used on a daily basis. According to the report, organizations deploy more than 45 security solutions on average and use 19 different tools when responding to a cybersecurity incident.

Against this backdrop, it is not surprising that an excessive use of disconnected tools can create complex environments and inhibit efficiency. The study also revealed the number of security solutions and technologies an organization used had an adverse effect on its ability to detect, prevent, contain and respond to a cybersecurity incident. Furthermore, companies with a high level of cyber resilience were found to emphasize interoperability to help provide much-needed visibility across multiple vendors’ solutions, while at the same time helping to reduce complexity.

Technology is a Differentiator for High Performers

As part of this research, a benchmark for measuring cyber resilience was created by isolating the most cyber resilient organizations and uncovering their approaches and habits. These organizations are referred to as high performers. In this year’s study, 825 respondents — 24% of the total sample — identified as high performers.

High performers stand out for their use of technology as the primary reason for improvements in cyber resilience. While other organizations cite adding skilled employees as a top reason for improving cyber resilience, high performers have a much stronger focus on technology as a differentiator.

Consider the use of technology by high performers:

• 57% reported visibility into applications and data as the top reason for improving cyber resilience.
• 70% cited significant or moderate use of automation to improve operational efficiency and support IT security teams.
• 63% state the use of cloud services improved cyber resilience.

In addition, high performers outpace other organizations in their preparation; 43% have an enterprise-wide CSIRP applied consistently compared to 20% of other organizations. Furthermore, 50% of high performers have attack-specific playbooks for attacks, such as phishing or distributed denial-of-service (DDoS).Improving Your Cyber Resilience

Findings from this year’s study identify several best practices for organizations to consider to improve their cyber resilience:

• Be prepared. Implementing a CSIRP that is consistently applied across the enterprise and reviewed on a regular basis, as well as developing attack-specific playbooks tailored to your industry, can help minimize business disruption.
• Optimize technologies. Technologies, such as automation, analytics, artificial intelligence (AI) and machine learning were leading reasons why organizations improved their cyber resilience.
• Raise the visibility of cyber resilience. Keeping cyber resilience performance visible to business leaders helps ensure it receives the required level of investment and resources.

To learn more about the results of the fifth annual report on The Cyber Resilient Organization and to hear actionable insights for your organization, join Dr. Larry Ponemon and IBM experts for a webinar at 11 am (EST) on July 23, 2020. You can register for this event here.