The fourth IBM cyber security survey reveals how unprepared companies are for a cyber attack. Despite widespread acknowledgement that a strong cyber security response plan can save companies significant damages in the wake of an attack, the study shows that many organisations still do not have an incident response plan in place – and those that do have a plan are not testing it regularly.
This is especially concerning given that in the past two years 56% of UK organisations surveyed experienced a data breach, and 62% said they experienced a cyber security incident.
These incidents seem to be coming thick and fast with 50% of the organisations that experienced a data breach saying they experienced two to three times in the year and 19% of those had experienced more than five.
According to the survey, 61% of organisations say the volume of incidents has increased and 70% say the severity has increased.
Yet, 48% believe cyber resilience has improved.
How can this be the case? As it seems that for most firm’s cyber security incidents are a regular occurrence and when they do happen, they’re worse than ever.
Automate… under half? Fewer than 50% of enterprises have deployed intelligent automation technology
“Failing to plan is a plan to fail”
“Failing to plan is a plan to fail when it comes to responding to a cyber security incident,” said Ted Julian, VP of product management and co-founder, IBM Resilient.
Of those surveyed, 51% said they experience frequent disruptions to business processes or IT. On top of this, 75% of respondents said they do not have a Computer Security Incident Response Plan (CSIRP) that is applied consistently across the entire enterprise. And of the organisations that do have a CSIRP in place, 45% do not test plans regularly or at all.
However, in Julian’s opinion, this is not the way go about things: “These plans need to be stress tested regularly and need full support from the board to invest in the necessary people, processes and technologies to sustain such a program.
“When proper planning is paired with investments in automation, we see companies able to save millions of dollars during a breach.”
Studies show that companies who can respond quickly and efficiently to contain a cyber attack within 30 days save over $1 million on the total cost of a data breach on average.
It does seem that awareness amongst firms regarding the necessity of cyber security has increased though — a good sign. The time to detect, contain and respond to incidents has increased significantly, according to 30% of respondents.
Vigilante cyber security: collaboration is better than proactive cyber security
So what about automation?
For the first time, this year’s study measured the impact of automation on cyber resilience. These technologies depend upon artificial intelligence, machine learning, analytics and orchestration.
When asked if their organisation leveraged automation, only 23% said they were significant users, whereas 77% reported their organisations only use automation moderately, insignificantly or not at all. Organisations with the extensive use of automation rate their ability to prevent (69% vs. 53%), detect (76% vs. 53%), respond (68% vs. 53%) and contain (74% vs. 49%) a cyber attack as higher than the overall sample of respondents.
Considering this, it’s a wonder that 76% of senior managers who find it difficult to hire and retain IT security personnel don’t change their approach. Only 18% reported using automation significantly in their organisation.
Cyber security best practice: Definition, diversity, training, responsibility and technology
