Resilient, an IBM Company and the Ponemon Institute unveiled the results of the annual Cyber Resilient Organization study.
The study found that only 32 percent of IT and security professionals say their organization has a high level of Cyber Resilience – down slightly from 35 percent in 2015.
The 2016 study also found that 66 percent of respondents say their organization is not prepared to recover from cyberattacks.
For the second straight year, the study showed that challenges with incident response (IR) are hindering Cyber Resilience.
Seventy-five percent of respondents admit they do not have a formal cyber security incident response plan (CSIRP).
Of those with a CSIRP in place, 52 percent have either not reviewed or updated the plan since it was put in place, or have no set plan for doing so.
Additionally, 41 percent say the time to resolve a cyber incident has increased in the past 12 months, compared to only 31 percent who say it has decreased.
“This year’s Cyber Resilience study shows that organizations globally are still not prepared to manage and mitigate a cyberattack,” said John Bruce, CEO and co-founder of Resilient, an IBM Company.
“Security leaders can drive significant improvement by making incident response a top priority – focusing on planning, preparation, and intelligence.”
According to respondents, an incident response platform (IRP) is among the most effective security technologies for helping organizations become Cyber Resilient, along with identity management and authentication, and intrusion detection and prevention systems.
The study also uncovered common barriers to Cyber Resilience. The majority – 66 percent – say “insufficient planning and preparedness” is the top barrier to Cyber Resilience.
Respondents also indicate that the complexity of IT and businesses processes is increasing faster than their ability to prevent, detect, and respond to cyberattacks – leaving businesses vulnerable.
This year, 46 percent of respondents say the “complexity of IT processes” is a significant barrier to achieving a high level of Cyber Resilience, up from 36 percent in 2015. Fifty-two percent say “complexity of business processes” is a significant barrier, up from 47 percent in 2015.
Also on Wednesday, IBM announced a major expansion of its incident response capabilities as part of a $200 million investment made this year.
The enterprise IT major launched a new incident response and intelligence consulting team called IBM X-Force Incident Response and Intelligence Services (IRIS).
IBM’s investments also include its acquisition of Resilient Systems earlier this year, a pioneer in the incident response market.
The company also expanded capabilities and capacity for its global network of IBM X-Force Command Centers which now handle over 1 trillion security events per month.
These security operations centers are staffed by 1,400 security professionals who will use cognitive technologies like Watson for client services, including chat sessions and data delivery, as well as Watson for Cybersecurity to quickly address cyber security events.
