Study Finds Nearly Eighty Percent of Respondents Lack Formal Incident Response Plan on Cyberattacks

Posted by

IBM Security has announced the staggering findings of the third-annual benchmark study on Cyber Resilience — an organization’s ability to maintain its core purpose and integrity in the face of cyberattacks. Conducted by the Ponemon Institute and sponsored by IBM Resilient, more than 2,800 security and IT professionals were surveyed around the world in preparation of “The 2018 Cyber Resilient Organization.” The study found that many organizations continue to be ill-prepared for a cyberattack.

Some of the more staggering findings are as follows:

  • 77 percent of respondents do not have a formal cyber security incident response plan (CSIRP) applied consistently across their organization;
  • Approximately 50 percent of respondents (approximately) have an informal/ad hoc or completely non-existent incident response plan;
  • 57 percent of respondents report that the time to resolve an incident has increased;
  • 65 percent of respondents report the severity of cyberattacks has increased;
  • 77 percent of respondents reported difficulty retaining and hiring IT Security professionals

As a result, the report concludes that the vast majority of respondents will be unable to comply with the European Union’s General Data Protection Regulation (GDPR), which takes effect in May 2018, and will require formal incident response plans.

IBM’s press release can be found here.