Study: Despite increased confidence, companies still struggle with cyber-security

3/15/2018
Organizations may feel increasingly resilient when it comes to fighting cyber-attacks, however, they are far from invincible.

While 72% of organizations feel more “cyber resilient,” or having a stronger security posture, 77% admitted they do not have a formal cyber security incident response plan (CSIRP) applied consistently across their organization, according to “The Third Annual Study on the Cyber Resilient Organization,” from Ponemon Institute, and sponsored by IBM Resilient.

Despite having formal CSIRPs in place, highly resilient organizations (61%) attribute their confidence to their ability to hire skilled personnel. However, organizations need both technology and people to be cyber- resilient. In fact, 60% of respondents consider a lack of investment in AI and machine learning as the biggest barrier to cyber resilience.

Lacking solutions are increasing the time to resolve an incident among 57% of respondents, while 65% reported the severity of the attacks has increased. These problems are further compounded by just 31% of companies having an adequate cyber resilience budget in place, and difficulty retaining and hiring IT security professionals (77%).

In fact, only 29% of respondents reported having ideal staffing to achieve cyber resilience. Only half (50%) of participants said their organization’s current CISO or security leader has been in place for three years or less, and 23% said they do not currently have a CISO or security leader.

This will be a challenge once the General Data Protection Regulation (GDPR) takes effect in May, a protocol that will mandate that organizations have an incident response plan in place.

“Organizations may be feeling more cyber resilient today, and the biggest reason why was hiring skilled personnel,” said Ted Julian, VP of product management and co-founder, IBM Resilient.

“Having the right staff in place is critical but arming them with the most modern tools to augment their work is equally as important,” he added. “A response plan that orchestrates human intelligence with machine intelligence is the only way security teams are going to get ahead of the threat and improve overall cyber resilience.”
X
This ad will auto-close in 10 seconds