Report: 77% of companies don't have a consistent cybersecurity response plan

An IBM security report found that the time to resolve security issues is increasing, and that is costing companies more money.

Building a slide deck, pitch, or presentation? Here are the big takeaways:
  • In a study of cyber resilience, 77% of respondents didn't have formal cyber security incident response plan (CSIRP) applied consistently across their organization. — IBM, 2018
  • 57% of business leaders said it's taking longer to resolve cyber incidents and 65% said attack severity is increasing. — IBM, 2018

Despite the rapid proliferation of new cyber threats, 77% of business leaders admitted that they don't have a formal cybersecurity incident response plan (CSIRP) that's applied consistently in their organization.

That statistic comes from a new IBM report on cybersecurity resilience—a study of 2,800 security and IT professionals from around the world—released Wednesday. Although a form CSIRP can be considered a core part of cyber readiness, nearly half of those surveyed said that their response plan is informal or ad hoc, if it even exists at all.

Even though a majority of the respondents didn't have a formal plan applied properly in their business, 72% felt that they were more cyber resilient today than they were at the same time last year. Of those that felt confident in their resilience, 61% said it was due to their ability to hire skilled security staff.

SEE: Information security policy (Tech Pro Research)

But, as any security expert knows, an organization needs the right people and the right tools to stay safe. Apparently, many respondents felt that way too, as 60% said a lack of investment in next-gen tech like artificial intelligence (AI) and machine learning was holding them back from achieving proper resilience to cyberattacks.

Despite this confidence, 57% said it's taking longer to resolve cybersecurity incidents than before. Additionally, 65% said the severity of cyberattacks is increasing. And what makes this worse is that only 31% had the proper budget in place to boost their security capabilities.

"Organizations may be feeling more Cyber Resilient today, and the biggest reason why was hiring skilled personnel," Ted Julian, co-founder of IBM Resilient, said in a press release. "Having the right staff in place is critical but arming them with the most modern tools to augment their work is equally as important."

The lack of proper security planning could hit these businesses in their wallets as well. A 2017 Cost of a Data Breach Study, also from IBM, found that a data breach would cost roughly $1 million less, on average, if the victim could contain it within 30 days.

Also see

Image: iStockphoto/SARINYAPINNGAM

About Conner Forrest

Conner Forrest is a Senior Editor for TechRepublic. He covers enterprise technology and is interested in the convergence of tech and culture.

Editor's Picks

Free Newsletters, In your Inbox