Three out of four organizations lack proper incident response plans: IBM-Ponemon report

There’s no denying that fortifying defenses is the first step to cyber-resiliency. What takes a back seat though, is the lack of proper incident response plans. IBM-Ponemon’s 2018 cyber-resiliency study reveals 77 percent of firms lack proper incident response plans.

The enterprise has undoubtedly woken up to the need for a robust end-point security mechanism. However, a study conducted by IBM Resilient and the Ponemon Institute revealed that an astounding 77 percent of organizations did not have a formal cybersecurity incident response plan in place.

Going by stats alone, the enterprise has so far been quite sluggish in responding to cyber-attacks. The SANS Institute’s 2017 survey revealed that 50 percent of organizations reported a dwell time exceeding 24 hours.

Dark spots in cyber resilience:

  • Organizations not having a formal cybersecurity incident response plan: 77%.
  • Organizations that do not have a CISO or CSO in their organization: 23%.
  • Organizations that do not have invested in AI and machine learning: 60%.

Although Gartner forecasts worldwide security spending to USD 96.3 billion – an 8 percent spike from 2017, the IBM-Ponemon report found that only 31 percent of the 2848 respondents felt that they have an adequate cyber resilience budget.

The dearth of cybersecurity talent

A shortage of sufficiently skilled personnel was revealed to be the second biggest barrier to cyber resilience – only 29 percent of companies were found to have staffing with an ideal skill set.

Highly resilient organizations, constituting 61 percent, attributed their self-reliance to their ability to hire skilled personnel. Additionally, 77 percent of security professionals admitted to facing difficulties in retaining and hiring skilled cybersecurity workforce.

And the problem finds its way to the top of the pyramid as well. Half of the respondents said that their organization’s current CISOs were in place for three years or less. A more alarming fact is that 23 percent reported they did not even have a CISO or CSO in their organization.

However, it’s not just people power that drives cyber-resiliency. A significant fraction of respondents--60 percent--believe that lack of investments in AI and machine learning has added to the problem of poor cyber resilience.