Ponemon: US Cyber-resilience is Poor to Nonexistent

Three-quarters of US organizations are not prepared to respond to cyberattacks, leaving them more vulnerable than ever to the increasing intensity and volume of security breaches.

A Ponemon Institute study has found that improving cyber-resilience can be the most potent weapon that organizations have in prevailing against the mounting threats they face. In fact, 91% said that cyber-resilience is essential to protecting intellectual property, while 90% said it’s required for minimizing non-compliance with regulations and obligations.

However, the current state of resilience is quite lacking. Twenty-five percent believe that their organization is truly cyber-resilient, and only 32% feel that they could properly recover from a cyber-attack at all. The vast majority also believe that they lack the proper tools and infrastructure to prevent existing types of attacks in the first place, let alone be prepared for the next wave of threats.

There are ways to improve this through best practices. So far, only 30% of respondents have a proper, modern Cyber Security Incident Response Plan (CSIRP) in place, for instance. And only 17% have a well-defined CSIRP that is applied consistently across their organization.

Then there’s the human component. A lack of collaboration across business functions makes organizations more vulnerable to cyber-attacks: one-third (32%) of respondents stated that collaboration between business functions was poor or non-existent and had a direct negative impact on their organization’s level of resilience.

Also, 65% of respondents said that their organizations have not devoted the necessary time and resources to planning and preparing for the next wave of cyber-attacks, which goes hand-in-hand with the fact that more than half (55%) believe their organization lacks sufficient risk awareness, analysis and assessments in combating those cyber-attacks.

“We found that cyber-resilience is now the No. 1 goal for security teams across these organizations, but they must adopt new technologies, improve collaboration across business functions and have proper CSIRPs in place, among other things, before they can attain that goal,” said report author Larry Ponemon. “Until then, their organizations remain extremely vulnerable to the next wave of cyberattacks from increasingly sophisticated and determined hackers.”

