Many Organizations Lack Plan to Respond to Incidents: Study Report

This is crucial information as regards cyber security! Many organizations today lack a plan to respond to cyber security incidents, as per a recent study.

“The 2018 Cyber Resilient Organization” study, conducted by the Ponemon Institute and sponsored by IBM Resilient, points out that for most organizations globally, responding to cyber security incidents remains a major challenge.

Ted Julian, the VP Product Management and Co-Founder of Resilient, IBM, has authored a detailed analysis of the study findings. Julian writes: “When a cyberattack occurs, most organizations are unprepared and do not have a consistent incident response plan. That’s the major takeaway from our third annual “Cyber Resilient Organization” study, conducted by the Ponemon Institute. The study revealed that 77 percent of respondents still lack a formal cybersecurity incident response plan (CSIRP) that is applied consistently across the organization, a figure that is largely unchanged from the previous year’s study.”

The researchers who did the study had collected in-depth qualitative data through over 1,900 separate interviews conducted in 419 companies over a period of 10 months, up till March 2017. These researchers interacted with IT, compliance and information security practitioners to gauge their cyber security practices.

A notable thing pertaining to the study is that nearly half of the respondents said that their response plan is either informal or non-existent. But still, the respondents seem to report that there is a kind of growing confidence in cyber resilience. The figures, however, don’t seem to be supporting this. As per the Ponemon study, 57 percent of respondents stated that the time to resolve an incident has increased. While only 29 percent reportedly have the ideal staffing level, only 31 percent have proper budget allocated for cyber resilience. The study also points out that lack of investment in important tools, like machine learning and AI (Artificial Intelligence), was the biggest barrier to cyber resilience.

Ted Julian notes that organizations should definitely address these challenges in 2018. He writes- “It’s imperative that organizations address these challenges in 2018. Cyberattacks can have large costs associations, such as with WannaCry and NotPetya, and the General Data Protection Regulation (GDPR) is quickly approaching. Not only do organizations lack a consistent incident response plan — a GDPR requirement — but most reported low levels of confidence in complying with GDPR.”

He further states, “Based on the findings of the Ponemon report, organizations can improve their cyber resilience by arming employees with the most modern tools available to aid their work, such as AI and machine learning. Implementing a strategy that orchestrates human intelligence with these tools can help organizations create effective incident response plans.”