In a new study commissioned by Resilient Systems, information security research firm The Ponemon Institute benchmarked UK organisations' resilience to cyber threats.
The study, titled “The Cyber Resilient Organisation in the United Kingdom: Learning to Thrive against Threats”, is the second report in a series of cyber-resilience studies. It found that 71 percent of UK organisations would rate their cyber-resilience as low, underlining a lack of preparedness to handle cyber-attacks.
As part of the study, the Ponemon Institute surveyed 450 IT and security executives about their organisations' approaches to becoming more resilient in the face of increasingly problematic and frequent cyber-attacks.
Common reasons for this low rating include, in particular, insufficient planning and preparedness, inadequate capability to respond to incidents and a lack of clear ownership.
The research is timely, with the European Parliament voting on the next phase of the Network and Information Systems Directive (NISD), which provides legal measures to boost the overall level of cyber-security in the EU by increasing the cyber-security capabilities of the Member States. This includes the requirement for organisations to develop robust incident response plans.
Key takeaways from the UK Ponemon study include:
The state of cyber-resilience in the UK needs improvement
Insufficient planning and preparedness is the major barrier to achieving a high level of cyber-resilience
A high level of cyber-security is difficult to achieve if no single function clearly owns responsibility
Organisational factors hinder efforts to achieve a high level of cyber-resilience
Larry Ponemon, founder of the Ponemon Institute, said: “Despite the growing importance of cyber-resilience, the research shows serious issues that need to be addressed if UK organisations are to survive the next wave of cyber-attacks. Until cyber-resilience becomes a coordinated, organisation-wide effort and the necessary technology and processes are put in place, organisations will remain vulnerable.”
John Bruce, CEO and co-founder of Resilient Systems, said: “When security incidents occur, organisations need to react quickly and decisively to ensure attacks are managed before they turn into serious business crises. That's the foundation of cyber-resilience.”
“By preparing and provisioning for these situations, and aligning the people, processes and technology for response, organisations can improve their security posture and actually thrive in the face of cyber-security incidents.”
A copy of the report can be found here.