Content, Channel partners, Content

IBM Study: 77% of Orgs Lack Cybersecurity Incident Response Plan


Cyber resilience, the alignment of prevention, detection and response capabilities to manage, mitigate and move on from cyberattacks, is a top priority for many organizations. Yet organizations globally continue to struggle with cybersecurity incident response, according to a study of more than 2,800 incident response professionals conducted by IBM Resilient and the Ponemon Institute.

Key findings from the IBM and Ponemon "Third Annual Study on the Cyber Resilient Organization" included:

  • 77 percent of study respondents do not have a formal cybersecurity incident response plan (CSIRP) applied consistently across their organization.
  • 77 percent have difficulty retaining and hiring IT security professionals.
  • 60 percent consider a lack of investment in artificial intelligence (AI) and machine learning as the biggest barrier to cyber resilience.
  • Only 31 percent have an adequate cyber resilience budget in place, and 29 percent agree their staffing for IT security is sufficient to achieve a high level of cyber resilience.

Forty-eight percent of incident response professionals rate their organization's cyber resilience as high or very high, the study revealed. Comparatively, 65 percent said the severity of cyberattacks increased and 57 percent noted the time to resolve an incident increased between 2016 and 2017.

The study surfaces one week before IBM Think 2018, a new conference that consolidates all of the company's major customer and partner gatherings under one banner. MSSP Alert will be on-hand to cover IBM's latest security developments.

Key Traits of a Cyber Resilient Organization

There are several traits that distinguish a cyber resilient organization from others, the study indicated. These traits include:

  • Mature Cybersecurity Programs and Activities: 69 percent of high-performing cyber resilient organizations have a mature cybersecurity program with most or all activities deployed across the enterprise.
  • Greater Ability to Prevent Cyberattacks: High-performing cyber resilient organizations have a greater ability to prevent cyberattacks (72 percent) than other organizations (55 percent).
  • Fewer Data Breaches: Highly cyber resilient organizations are less likely to suffer a data breach (48 percent) than others (56 percent).
  • Senior Management Support: Senior managers in high-performing cyber resilient organizations are more likely to recognize the impact of cyber resilience on an organization's brand, reputation and revenues than managers in other organizations.

Seventy-two percent of incident response professionals said their organization's cyber resilience has improved over the past 12 months, the study showed. However, many hurdles make it tough for organizations to manage cyber risk.

How to Improve an Organization's Cyber Resilience

IBM and Ponemon offered the following recommendations to help organizations improve their cyber resilience:

  • Increase IT security staffing.
  • Develop and deploy enterprise-wide CSIRPs.
  • Invest in AI, automation, machine learning and orchestration technologies to address the increase in the severity and volume of cyberattacks and the difficulty in hiring skilled IT security practitioners.
  • Increase funding for cyber resilience activities.

Organizations must take steps to reduce the time to detect, contain and respond to cyberattacks, according to the study. By doing so, organizations can find the best ways to identify and address threats against applications, data and IT infrastructure.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.