66% of security pros ‘not confident’ they could recover from major cyberattacks

Resilient and the Ponemon Institute have unveiled the results of the annual Cyber Resilient Organization study, which found that only 32% of IT and security professionals say their organisation has a high level of Cyber Resilience – down from 35%  in 2015.

The 2016 study also found that 66% of respondents say their organisation is not prepared to recover from cyberattacks.

For the second straight year, the study showed that challenges with incident response are hindering Cyber Resilience. Seventy-five percent of respondents admit they do not have a formal cyber security incident response plan that is applied consistently across the organisation. Of those with a CSIRP in place, 52% have either not reviewed or updated the plan since it was put in place, or have no set plan for doing so. Additionally, 41% say the time to resolve a cyber incident has increased in the past 12 months, compared to only 31% who say it has decreased.


“This year’s Cyber Resilience study shows that organisations globally are still not prepared to manage and mitigate a cyberattack,” said John Bruce, CEO and co-founder of Resilient, an IBM Company. “Security leaders can drive significant improvement by making incident-response a top priority – focusing on planning, preparation, and intelligence.”

According to respondents, an incident response platform (IRP) is among the most effective security technologies for helping organisations become Cyber Resilient, along with identity management and authentication, and intrusion detection and prevention systems.

The study also uncovered common barriers to Cyber Resilience. The majority – 66% – say “insufficient planning and preparedness” is the top barrier to Cyber Resilience. Respondents also indicate that the complexity of IT and businesses processes is increasing faster than their ability to prevent, detect, and respond to cyberattacks – leaving businesses vulnerable. This year, 46% of respondents say the “complexity of IT processes” is a significant barrier to achieving a high level of Cyber Resilience, up from 36% in 2015. Fifty-two percent say “complexity of business processes” is a significant barrier, up from 47% in 2015.

Conducted by the Ponemon Institute and sponsored by Resilient, The 2016 Cyber Resilient Organization is a benchmark study on Cyber Resilience – an organisation’s ability to maintain its core purpose and integrity in the face of cyberattacks. The global survey features insight from more than 2,400 security and IT professionals from around the world, including the United States, United Kingdom, France, Germany, United Arab Emirates, Brazil, and Australia.

While a recent study from IBM’s Institute of Business Value found that reducing incident response time is the top challenge facing security professionals today, this new survey from the Ponemon Institute shows that the majority of companies are still not taking the proper steps to plan an effective and comprehensive response plan.

Key Findings

  • More than half (53%) say they suffered at least one data breach in the past two years
  • 74% say they faced threats due to human error in the past year
  • When examining the past two years, 74% say they have been compromised by malware on a frequent basis, and 64% have been compromised by phishing on a frequent basis
  • Only 25% have an incident response plan applied consistently across the organization. Twenty-three percent have no incident response plan at all

While the results of the study show that many organisations have yet to implement effective planning and preparedness measures to respond to cyberattacks, studies show that incident response will become a greater priority within the next several years.

“While companies are seeing the value of deploying an incident response plan, there is still a lag in having the appropriate people, processes, and technologies in place,” said Dr. Larry Ponemon. “We are encouraged that this is becoming a more important part of an overall IT security strategy.”

The full executive summary of these findings can be found here.

(Infographic: IBM)