The vast majority of U.S. organizations are not prepared to properly respond to a cyber attack, according to a new study by the Ponemon Institute.
The organization's report, The Cyber Resilient Organization: Learning to Thrive Against Threats, surveyed 600 IT and security executives and found that 75 percent of them do not believe their company is truly cyber resilient and only 32 percent feel they can properly recover from a cyberattack. Being cyber resilient has grown in importance as companies move toward understanding that their response to an attack is just as important as attempting to block it in the first place.
“The volume of security incidents increases every year, they're getting more complex, and data breaches are more frequent and costly than ever. That's why businesses are turning to cyber resilience – accept that security breaches are inevitable and develop the ability to efficiently handle them and move on, just like any other business challenge,” John Bruce, CEO of Resilient Systems, which sponsored the report, told SCMagazine.com in an email correspondence Tuesday.
Another telling statistic was that 70 percent of the respondents do not believe their firm has a fully functioning cybersecurity response plan in place, and only 17 percent have a well-defined CSIRP that is applied consistently across their organization.
This came despite 91 percent of those surveyed saying cyber resilience is essential to protecting intellectual property.
The study found that part of the reason for these shortcomings is that companies have neither allotted the proper amount of funding nor taken the time to put these resources in place.
Bruce said this situation should change going forward as companies realize they have to increase their spending on how best to respond to an incident, just as corporations learned that they had to develop preventative and detection measures.
“We're at the next turning point now where businesses realize they can manage and minimize the damage and disruption they cause if they respond correctly. Get that in balance with prevention and detection and you'll dramatically improve your cyber resilience,” Bruce said.