IBM-Ponemon Finds Most Companies Lack Resources to Block Cyber-Attacks | eWeek

Study Finds Companies Lack Plans, Resources to Thwart Cyber-Attacks

1088_LackResourceCyber
Written By
Don Reisinger
Don Reisinger
Mar 21, 2018
3 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More


Study Finds Companies Lack Plans, Resources to Thwart Cyber-Attacks

Study Finds Companies Lack Plans, Resources to Thwart Cyber-Attacks

A new study conducted by the Ponemon Institute and sponsored by IBM found that companies have a hard time preventing and responding to cyber-attacks that threaten the integrity of their networks and data. In a majority of cases, companies don’t have the sufficient security budgets and staffing to discover threats and expunge them from their networks. Even as the potential damage caused by cyber-attacks increases, companies are slow to bring in Chief Information Security Officers and other critical security professionals to plan how to find and fix vulnerabilities. IBM’s study concludes that companies that have intrusion discovery and prevention plans in place can often thwart attacks before they happen. But too few companies are doing what it takes to safeguard their data. Read on to learn more of Ponemon Institute’s findings.


Most Companies Lack Cyber-Incident Response Plans

Most Companies Lack Cyber-Incident Response Plans

IBM found that 77 percent of companies still do not have a formal cyber security incident response plan (CSIRP) in place across all divisions within the organization. That means when a cyber-attack is underway, at least some corporate divisions if not all of them will know what steps to take to contain an attack.


Half of Companies at Best Have Informal Response Plans in Place

Half of Companies at Best Have Informal Response Plans in Place

The IBM-Ponemon study found that about 50 percent of organizations have either an “informal” or an “ad hoc” response plan, or even no plan at all. In those cases, companies are left to react to what’s happening without a basic plan to guide their responses.


Advertisement

Companies Remain Unprepared Even as Cyber-Attack Severity Increases

Companies Remain Unprepared Even as Cyber-Attack Severity Increases

Survey respondents revealed that they are unprepared to fight cyber-attacks even as the severity of threats and attacks is increases. The study found that 65 percent of companies said that they’ve witnessed increased “severity” in attacks they’ve had to deal with.


Companies Are Slow to Respond to Emerging Threats

Companies Are Slow to Respond to Emerging Threats

IBM-Ponemon study found that 57 percent of companies are taking more time now than they had in the prior year to respond and mitigate the threats they face. This means more severe threats have more time to wreak havoc on their targets.


Enterprises Need to Become ‘Cyber-Resilient’

Enterprises Need to Become ‘Cyber-Resilient’

IBM said it’s time for companies to work on becoming “cyber-resilient,” IBM said. This means they need to have the right staff using the right tools to quickly identify threats and thwart them before they can cause too much damage. According to IBM, 72 percent of companies believe they’re more cyber-resilient in 2018 than they were in 2017, and 61 percent of them say they achieved that by hiring new, “skilled personnel.”


But There Are Barriers to Achieving Cyber-Resilience

But There Are Barriers to Achieving Cyber-Resilience

IBM found in its study that artificial intelligence and machine learning are critical technologies for improving a company’s cyber resilience. However, 60 percent of respondents said that the lack of sufficient investment in these technologies is proving to be the biggest bottleneck as their companies attempt to improve their cyber-resilience.


Budget and Staffing Are Problems, Too

Budget and Staffing Are Problems, Too

Despite the obvious threats to corporate security, just 31 percent of companies report having the proper budget to handle and address potentially hacks, according to IBM. More than three-quarters of companies—77 percent—say that they’re unable to hire critical IT security personnel to address potential threats.


Advertisement

Few Companies Have Hired CISOs

Few Companies Have Hired CISOs

Chief Information Security Officers (CISOs) can assume the critical role of preparing companies to prevent or mitigate cyber-attacks. But the study found that 23 percent of companies don’t have a CISO or similar security executive. IBM also discovered that 50 percent of CISOs have only been with their companies for three years or less.


How to Keep Costs Down

How to Keep Costs Down

The Financial risks of failing to respond quickly to cyber-threats are staggering. According to a separate IBM study on the cost of a data breach, companies that are able to identify and resolve a data breach within 30 days save nearly $1 million compared to those that experience a protracted delay in addressing the problem.


Government Regulations Aren’t Stimulating Action

Government Regulations Aren’t Stimulating Action

There had been some hope that the European Union’s decision to enact the General Data Protection Regulation that takes effect in May 2018 would prod companies to enact incident response plans. However, IBM found that “most” companies are concerned that they won’t meet the deadline and will therefore not be in compliance with the regulation. That doesn’t bode well for similar efforts in the U.S. to boost data security.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.