Cybersecurity Requires Planning and Practice, Survey Finds

As business operations and technology adoption have shifted drastically in 2020, cybercriminals are looking to take advantage of any security loopholes introduced during the process. Having a cybersecurity response plan has never been more critical. And being prepared can save companies millions of dollars in financial and reputational damage.

And yet, the fifth annual “Cyber Resilient Organization Report,” based on research conducted by the Ponemon Institute and sponsored by IBM Security, indicates that while many businesses around the world have slowly improved their cybersecurity capabilities in recent years, they remain at risk. The report found that for many businesses, the ability to withstand an attack is often hindered by the use of too many security tools, as well as a lack of specific playbooks for common and emerging types of attack.  

Even among companies with formal security response plans, only one-third had developed specific playbooks for common attack types. Plans for responding to emerging attack methods like ransomware lagged even further behind, according to the survey, the “Cyber Resilient Organization Report.”

"While more organizations are taking incident response planning seriously, preparing for cyberattacks isn’t a one-and-done activity," said Wendi Whitmore, an IBM Security executive who is Vice President of IBM X-Force Threat Intelligence. "Organizations must also focus on testing, practicing and reassessing their response plans regularly.”

Read the full report here.