Recently, IBM Security announced the results of the “2019 Ponemon Institute Study on the Cyber Resilient Organization,” the fourth annual look at cross-industry preparedness for cybersecurity. Each report has taken a year-over-year look at the current state of cyber resilience and the business’ ability to maintain its core purpose in the face of a cyberattack.

Now that we have multiple reports’ worth of insights to digest, what better time is there to dissect those trends from a macro view of what’s improved and where security still needs to improve its efforts to effectively respond to cyberattacks?

Security Leaders Are Feeling Good

There has been a lot of positive improvement since the first report in 2015, including how leaders feel about their current cybersecurity posture. Fifty-four percent rated their cyber resiliency as high this year, which is an improvement from just 35 percent in 2015. This seems to go along with their improved perception of preventing a cyberattack, which increased from 38 percent in 2015 to 53 percent this year.

The Ponemon reports also show that businesses are placing more value in cyber resilience. This year, 62 percent of businesses rated the value of cyber resilience as high, an improvement from 51 percent in 2015.

In theory, this is all good news. Leaders are saying they value cyber resilience more and, as a result, businesses have gotten better at preventing cyberattacks. Naturally, then, leaders feel positive about their business’ overall cyber resilience. But there is still some work to be done.

Confidence Is High, But Is It False? Crucial Areas Are Being Overlooked

Unfortunately, there have also been a few key areas where businesses either haven’t improved or have declined since 2015. Most concerning is the lack of consistent incident response plans. This year, 77 percent of organizations said they do not have a consistent incident response plan deployed across the organization, compared to 82 percent in 2015. This is a slight improvement, but there is still a long way to go, despite the feeling of confidence in overall cyber resilience.

This aligns with stagnation found in other areas. In 2015, 47 percent of businesses rated their ability to quickly detect a cyberattack as high, and it’s improved to just 53 percent this year. Businesses also have decreased confidence in their ability to contain a cyberattack once it has hit, dropping from 52 percent in 2015 to 49 percent today. Clearly, there is a problem if half of all security leaders don’t feel confident in their ability to detect a cyberattack, and then cannot quickly contain it once they’ve found it.

Douse Fire Drills With Incident Response Plans

It makes sense that security leaders would not feel confident in their ability to quickly contain a cyberattack if there is not a proper incident response plan in place. Being able to work quickly on a complex and evolving cyberattack requires an in-depth, consistent and repeatable incident response plan.

We know that high performers — study participants who have achieved a high level of cyber resilience — are far more likely to have a consistent incident response plan deployed. High performers led in preventing, detecting, containing and responding to cyberattacks, and just 5 percent of them do not have an incident response plan. It stands to reason, then, that starting with a well-defined incident response plan is crucial for cybersecurity overall.

Get Incident Response Plans Off the Ground

We’ve heard from respondents and our own customers that building a plan, keeping it up to date and deploying it consistently across the business is hard work. Whether it’s disjointed business units, too many politics in the way or no leadership support, incident response planning seems to fall by the wayside. But we know having a plan like this in place is crucial to cyber resilience, so how can security leaders overcome these challenges and set the business up for cybersecurity success?

Making incident response plans a reality starts with acknowledging that the process is hard to scale, but can be made a lot easier with buy-in from leadership. To start, conduct an enterprisewide workshop to overhaul your incident response processes. This will establish the importance of cyber resilience in the minds of the C-suite as well as leaders from marketing, HR, legal, IT, customer service and other departments. When all stakeholders truly understand the benefits of a fully deployed plan, they will be much more invested and willing to contribute to building a standard, documented and repeatable incident response plan.

Of course, businesses will need the right tools and the right people in place to ultimately stop threats effectively. But tools and people are ineffective without a proper plan to guide them. Understanding the risks to the business through the process of building an incident response plan can help your leaders understand which tools to deploy and how many people are needed in crucial roles. Committing to an incident response plan, and consistently testing and adjusting it, is what leads to cybersecurity maturity. From there, security leaders can start implementing automation to create a truly orchestrated incident response process for the business.

Increase Efficiency With Orchestration

Once the strategy for an incident response plan has been put in motion, security leaders will have support for their positive feelings toward cyber resilience — which should result in growing confidence in Ponemon reports to come. With a consistent, repeatable incident response plan in place, the foundational pillars of people, process and technology will be set and businesses can mature their cybersecurity processes from there. The high performers lead the way with deploying orchestrated incident response processes, smartly automated tasks and the right people in the loop.

To learn more about the benefits of going through this journey and how getting to an orchestrated incident response model can positively impact the overall business, take a look at how to outsmart cyberthreats with security orchestration and automation.
