Most organizations ill prepared to defend against cyber attacks

Register now

A vast majority of organizations are not prepared to properly respond to cyber security incidents, according to a new report from the Ponemon Institute conducted on behalf of IBM.

Researchers surveyed more than 3,600 security and IT professionals from around the world, and 77 percent indicated they do not have a cyber security incident response plan applied consistently across the enterprise.

Although studies have shown that fast response can help contain cyber attacks, shortfalls in proper cyber security incident response planning have remained consistent over the past four years of the Ponemon study.

Of the organizations surveyed that do have a plan in place, more than half (54 percent) do not test their plans regularly. That can leave them less prepared to effectively manage the complex processes and coordination that must take place following an attack.

The difficulty security teams are facing in implementing a cyber security incident response plan has also affected compliance with the General Data Protection Regulation (GDPR). Nearly half of respondents (46 percent) said their organization has yet to realize full compliance with GDPR, even as the one-year anniversary of the legislation approaches.

Less than one quarter of the respondents said their organization significantly uses automation technologies, such as identity management and authentication, incident response platforms, and security information and event management (SIEM) tools, in their response process.

For reprint and licensing requests for this article, click here.