1. Study Finds Companies Lack Plans, Resources to Thwart Cyber-Attacks
A new study conducted by the Ponemon Institute and sponsored by IBM found that companies have a hard time preventing and responding to cyber-attacks that threaten the integrity of their networks and data. In a majority of cases, companies don’t have sufficient security budgets and staffing to discover threats and expunge them from their networks. Even as the potential damage caused by cyber-attacks increases, companies are slow to bring in Chief Information Security Officers and other critical security professionals to plan how to find and fix vulnerabilities. IBM’s study concludes that companies that have intrusion discovery and prevention plans in place can often thwart attacks before they happen. But too few companies are doing what it takes to safeguard their data. Read on to learn more of Ponemon Institute’s findings.
2. Most Companies Lack Cyber-Incident Response Plans
IBM found that 77 percent of companies still do not have a formal cyber security incident response plan (CSIRP) in place across all divisions within the organization. That means when a cyber-attack is underway, at least some corporate divisions, if not all of them, will not know what steps to take to contain an attack.
3. Half of Companies at Best Have Informal Response Plans in Place
4. Companies Remain Unprepared Even as Cyber-Attack Severity Increases
5. Companies Are Slow to Respond to Emerging Threats
6. Enterprises Need to Become ‘Cyber-Resilient’
IBM said it’s time for companies to work on becoming “cyber-resilient.” This means they need to have the right staff using the right tools to quickly identify threats and thwart them before they can cause too much damage. According to IBM, 72 percent of companies believe they’re more cyber-resilient in 2018 than they were in 2017, and 61 percent of them say they achieved that by hiring new, “skilled personnel.”
7. But There Are Barriers to Achieving Cyber-Resilience
IBM found in its study that artificial intelligence and machine learning are critical technologies for improving a company’s cyber resilience. However, 60 percent of respondents said that the lack of sufficient investment in these technologies is proving to be the biggest bottleneck as their companies attempt to improve their cyber-resilience.
8. Budget and Staffing Are Problems, Too
Despite the obvious threats to corporate security, just 31 percent of companies report having the proper budget to handle and address potential hacks, according to IBM. More than three-quarters of companies, 77 percent, say that they’re unable to hire critical IT security personnel to address potential threats.
9. Few Companies Have Hired CISOs
Chief Information Security Officers (CISOs) can assume the critical role of preparing companies to prevent or mitigate cyber-attacks. But the study found that 23 percent of companies don’t have a CISO or similar security executive. IBM also discovered that 50 percent of CISOs have only been with their companies for three years or less.
10. How to Keep Costs Down
The financial risks of failing to respond quickly to cyber-threats are staggering. According to a separate IBM study on the cost of a data breach, companies that are able to identify and resolve a data breach within 30 days save nearly $1 million compared to those that experience a protracted delay in addressing the problem.
11. Government Regulations Aren’t Stimulating Action
There had been some hope that the European Union’s decision to enact the General Data Protection Regulation, which takes effect in May 2018, would prod companies to enact incident response plans. However, IBM found that “most” companies are concerned that they won’t meet the deadline and will therefore not be in compliance with the regulation. That doesn’t bode well for similar efforts in the U.S. to boost data security.