When it comes to responding to cyber-attacks, it seems many companies are severely lacking.
A study out this week, conducted by the Ponemon Institute and sponsored by Resilient, an IBM company, found that 66% of the 2,400 security and IT professionals interviewed said their organization is not prepared to recover from cyberattacks.
According to Ponemon, for the second straight year the Cyber Resilient Organization study showed that incident response challenges are hindering what the researchers called cyber resilience, which they define as “the alignment of prevention, detection, and response capabilities to manage, mitigate, and move on from cyberattacks.”
Some of the key results of the study:
- 75% of respondents admit they do not have a formal cyber security incident response plan (CSIRP) that is applied consistently across the organization.
- Of those with a CSIRP in place, 52% have either not reviewed or updated the plan since it was put in place, or have no set plan for doing so.
- 41% say the time to resolve a cyber incident has increased in the past 12 months, compared to only 31% who say it has decreased.
- 74% say they faced threats due to human error in the past year
- When examining the past two years, 74% say they have been compromised by malware on a frequent basis, and 64% have been compromised by phishing on a frequent basis
- 68% don’t believe their organizations have the ability to remain resilient in the wake of a cyberattack
- 66% aren’t confident in their organization’s ability to effectively recover from an attack
- 25% have an incident response plan applied consistently across the organization. 23% have no incident response plan at all
- Only 14% test their incident response plans more than one time per year
- 66% cite a lack of planning as their organization’s biggest barrier to becoming resilient to cyberattacks
- 48% say their organization’s cyber resilience has either declined (4%) or not improved (44%) over the past 12 months
- 41% say the time to resolve a cyber incident has increased or increased significantly, while only 31% say it has decreased or decreased significantly
- In 2015, the average cybersecurity budget was $10 million. This increased to an average of $11.4 million. More funding has been allocated to cyber resilience-related activities. In 2015, 26% of the IT security budget was allocated to cyber resilience-related activities. This increased to 30% in 2016.
Most organizations represented in this research experienced a data breach in the past year. Fifty-three percent of respondents say their organization experienced a data breach involving the loss or theft of more than 1,000 records containing sensitive or confidential business information in the past two years. Of those breached, 57% of respondents say they had more than one data breach in the past two years.