Enterprises Still Can’t Handle Cyberattacks, Study Warns

Resilient, an IBM Company, unveiled the results of a new survey which found that only 32% of IT and security professionals feel their organization is ready for a cyberattack – down slightly from 35% in 2015. The annual Cyber Resilient Organization study also found that 66% of respondents say their organization is not prepared to recover from cyberattacks.

While the results of the study show that many organizations have yet to implement effective planning and preparedness measures to respond to cyberattacks, studies show that incident response will become a greater priority within the next several years.

For the second straight year, the IBM study, conducted by the Ponemon Institute, showed that challenges with incident response are hindering cyber resilience. Seventy-five percent of respondents admit they do not have a formal cyber security incident response plan that is applied consistently across the organization. Of those with a plan in place, 52% have either not reviewed or updated the plan since it was put in place, or have no set plan for doing so. Another 41% say the time to resolve a cyber incident has increased in the past 12 months, compared to only 31% who say it has decreased.

Respondents also indicate that the complexity of IT and businesses processes is increasing faster than their ability to prevent, detect, and respond to cyberattacks – leaving businesses vulnerable. This year, 46% of respondents say the “complexity of IT processes” is a significant barrier to achieving a high level of security, up from 36% in 2015. Fifty-two percent say “complexity of business processes” is a significant barrier, up from 47% in 2015.

Companies are experiencing frequent and successful cyberattacks, the study also found. More than half, 53%, say they suffered at least one data breach in the past 2 years. Another 74% say they faced threats due to human error in the past year, and 74% also say they have been compromised by malware on a frequent basis.

For information on Resilient, an IBM Company, go here.

More information on IBM Security is available here.