By Express News Service

IBM Security this week noted that its study on organisations’ preparedness when it comes to withstanding and recovering from a cyberattack found that a vast majority are still unprepared to properly respond. The survey saw 77 per cent of respondents indicating they do not have a cybersecurity incident response plan applied consistently across the enterprise.

While studies show that companies that can respond quickly and efficiently to contain a cyberattack within 30 days save over $1 million on the total cost of a data breach on average, shortfalls in proper cybersecurity incident response planning have remained consistent over the past four years of the study, which was conducted for IBM by the Ponemon Institute.

Of the organisations that do have a plan in place, more than half do not test it regularly, which can leave them less prepared to effectively manage the complex processes and coordination that must take place in the wake of an attack.

According to the study, the difficulty cybersecurity teams are facing in implementing a cybersecurity incident response plan has also impacted businesses’ compliance with the General Data Protection Regulation (GDPR). Nearly half of respondents say their organisation has yet to realise full compliance with GDPR, even as the one-year anniversary of the legislation quickly approaches.

“Failing to plan is a plan to fail when it comes to responding to a cybersecurity incident. These plans need to be stress tested regularly and need full support from the board to invest in the necessary people, processes and technologies to sustain such a program,” said Ted Julian, vice president of Product Management and co-founder, IBM Resilient.

Other takeaways

The survey also found that automation in response is still emerging, with less than one-quarter of the respondents saying that their organisation significantly uses automation in its response process. That skills still do not pay the bills is another takeaway, with only 30 per cent of respondents reporting that staffing for cybersecurity is sufficient to achieve a high level of cyber resilience. Finally, cybersecurity and privacy seem to be intrinsically connected to each other, with 62 per cent of respondents indicating that aligning privacy and cybersecurity roles is essential or very important to achieving cyber resilience.