Security

66% of organizations won't recover after cyberattack, study says

IBM and the Ponemon Institute's 2016 Cyber Resilient Organization study found that cyber resilience among enterprise organizations is dropping.

security.jpg
Image: iStockphoto/FotoMaximum

A recent study performed by IBM's Resilient and the Ponemon Institute found that 66% of organizations would be unable to recover from a cyberattack. The results of the 2016 Cyber Resilient Organization study were released Wednesday, and show a decline in organizational resilience against cyberattacks.

Of the respondents, 32% of IT and security professionals ranked their resilience as high. That same number was 35% in 2015, marking a drop over the past 12 months. A press release announcing the study defined resilience as "an organization's ability to maintain its core purpose and integrity in the face of cyberattacks."

One of the biggest hindrances to effective security listed by respondents was the lack of a proper cyber security incident response plan (CSIRP). However, it should be noted that Resilient provides incident reporting services.

SEE: Information security incident reporting policy (Tech Pro Research)

"While companies are seeing the value of deploying an incident response plan, there is still a lag in having the appropriate people, processes, and technologies in place," Larry Ponemon said in the press release. "We are encouraged that this is becoming a more important part of an overall IT security strategy."

The next highest barrier to proper resilience, as listed by 66% of respondents, was "insufficient planning and preparedness." The report also noted that 46% listed "complexity of IT processes" as something that kept their organization from achieving resilience. That number is up from 36% last year.

The study also looked at what type of security incidents the respondents were experiencing. Some 53% reported that they had dealt with at least one data breach in the past two years. Over that same period, 74% said their organization had experienced threats as a result of "human error," the release said.

Malware (74%) and phishing (64%) topped the list of frequently-experienced attacks. And, while most respondents were not confident in their organization's ability to recover from an attack, 68% believed their organization could at least remain resilient.

In all, 2016 has seen some of the worst cyberattacks in recent history. With the DYN DDoS attack taking out many major web properties and other high-profile attacks, it's no wonder companies are losing confidence in their security.

The 3 big takeaways for TechRepublic readers

  1. A new study from IBM and the Ponemon Institute claims 66% of organizations would likely be unable to recover from a cyberattack.
  2. Insufficient planning and complexity of IT and business were listed as top reasons for companies being unable to properly respond to an attack.
  3. More than half of respondents have dealt with a data breach in the last two years.

Also see

About Conner Forrest

Conner Forrest is a Senior Editor for TechRepublic. He covers enterprise technology and is interested in the convergence of tech and culture.

Editor's Picks

Free Newsletters, In your Inbox