77% of Companies Don't Have a Consistent Cyber Security Response Plan

The Third Annual Study on the Cyber Resilient Organization, conducted by the Ponemon Institute and sponsored by IBM Resilient, reports the results of a global survey on "cyber resilience".

Cyber resilience is defined as an organization's ability to maintain its core purpose and integrity in the face of cyber attacks.

Key findings from the report include the following:

Although 72% of the 2,800 respondents reported feeling more cyber resilient than they did a year ago, nearly half said their cyber incident response plan is informal, ad hoc, or non-existent.

The 2017 Cost of a Data Breach Study, also conducted by the Ponemon Institute, found that the average cost of a data breach is nearly $1 million lower when an organization contains the breach in fewer than 30 days. A response time that fast generally requires a strong cyber security incident response plan (CSIRP), yet 77% of those surveyed said a formal CSIRP is not applied consistently across their organizations.

The biggest challenge organizations face in building and maintaining an effective cyber security plan is a lack of dedicated security personnel, followed by a lack of funding and software solutions.

Over 75% of survey respondents reported having difficulty hiring and retaining qualified IT security professionals. 23% reported that their organizations do not currently have a CISO or security leader.

Insufficient funding was cited by 69% of respondents as a major roadblock, and 60% of respondents consider a lack of investment in AI and machine learning to be the biggest barrier to cyber resilience.

Preparing for the Future

As the technological landscape evolves, with advances in fields such as the Industrial Internet of Things (IIoT) and machine learning, protection against cyber threats becomes ever more critical.

65% of respondents reported that the severity of attacks has increased over the last year, and 57% admitted that this has increased the time (and cost) it takes to resolve an incident.

Additionally, the General Data Protection Regulation (GDPR), which takes effect May 25, 2018, requires organizations that process the personal data of EU data subjects to notify the supervisory authority of a personal data breach within 72 hours of becoming aware of it (Article 33), a deadline that cannot realistically be met without an incident response plan already in place.

As noted above, 77% of survey participants do not have an incident response plan that is applied consistently across the entire enterprise, and most of those surveyed reported a lack of confidence in their ability to comply with the regulation.

"A response plan that orchestrates human intelligence with machine intelligence is the only way security teams are going to get ahead of the threat and improve overall cyber resilience," said Ted Julian, VP of Product Management and Co-Founder, IBM Resilient.

With the number of complex factors that must come together to ensure an effective and future-friendly cyber security strategy, it's understandable that many organizations struggle to figure out where to start.

A practical starting point is a thorough, professional security audit and vulnerability assessment, which lays the foundation for developing a robust cyber security strategy.

The next step is to make sure your plan is consistently applied throughout your enterprise. An outside firm can provide this service, or you can prepare your internal team to manage your cyber security response plan through professional cyber security training.

If your organization could use a cyber-resilience boost, contact us to learn more about our cybersecurity services and training offerings.
