The enterprise has undoubtedly woken up to the need for a robust end-point security mechanism. However, a study conducted by IBM Resilient and the Ponemon Institute revealed that an astounding 77 percent of organizations did not have a formal cybersecurity incident response plan in place.
Going by stats alone, the enterprise has so far been quite sluggish in responding to cyber-attacks. The SANS Institute’s 2017 survey revealed that 50 percent of organizations reported a dwell time exceeding 24 hours.
Dark spots in cyber resilience:
Although Gartner forecasts worldwide security spending to reach USD 96.3 billion, an 8 percent spike from 2017, the IBM-Ponemon report found that only 31 percent of the 2848 respondents felt that they had an adequate cyber resilience budget.
The dearth of cybersecurity talent
A shortage of sufficiently skilled personnel was revealed to be the second biggest barrier to cyber resilience – only 29 percent of companies were found to have staffing with an ideal skill set.
Highly resilient organizations, constituting 61 percent, attributed their self-reliance to their ability to hire skilled personnel. Additionally, 77 percent of security professionals admitted to facing difficulties in retaining and hiring a skilled cybersecurity workforce.
And the problem finds its way to the top of the pyramid as well. Half of the respondents said that their organization’s current CISOs were in place for three years or less. A more alarming fact is that 23 percent reported they did not even have a CISO or CSO in their organization.
However, it’s not just people power that drives cyber-resiliency. A significant fraction of respondents, 60 percent, believe that a lack of investment in AI and machine learning has added to the problem of poor cyber resilience.