The ability of organisations to resist cyber-attacks has diminished in the last year, according to a new study by IBM company Resilient and Ponemon.
Fewer than one third (32%) of the 2,400 IT and security professionals surveyed for the 2016 Cyber Resilient Organisation study say their organisation has a high level of ‘cyber resilience’, down from 35% in 2015. Two thirds doubt their organisation’s ability to recover from cyberattacks.
Barriers to achieving a high level of cyber resilience include the complexity of IT processes, cited by 46% of respondents (up from 36% in 2015), and the complexity of business processes, cited by 52% (up from 47% in 2015).
The international study also highlights inadequate ‘incident response’ processes: only a quarter of respondents have a formal cyber security incident response plan (CSIRP) applied consistently across their organisation and, of those that do, fewer than half have reviewed or updated the plan since it was put in place.
More than half (53%) of companies have suffered at least one data breach in the last two years; 74% have frequently been compromised by malware, and 64% by phishing. Four out of 10 (41%) say the time to resolve a cyber incident has increased in the past 12 months, compared to only 31% who say it has gone down.
John Bruce, CEO and co-founder of Resilient, an IBM Company, said: “This year’s Cyber Resilience study shows that organisations globally are still not prepared to manage and mitigate a cyberattack. Security leaders can drive significant improvement by making incident response a top priority – focusing on planning, preparation and intelligence.”