With all the recent emphasis on cyber security and the seemingly endless reports about how the focus on prioritizing data protection has risen to the board and C-suite levels, many organizations apparently are still struggling to defend themselves properly against the growing array of attacks.
A vast majority of enterprises are still unprepared to properly respond to cyber security incidents, and many of those that have cyber security incident response plans fail to test them, according to a recent report by the Ponemon Institute.
As part of the study, commissioned by IBM, the security research firm conducted a global survey of more than 3,600 security and IT professionals, and found that 77% of respondents indicated they do not have a cyber security incident response plan applied consistently across the enterprise.
While industry studies have shown that companies that respond efficiently to contain cyber attacks within 30 days save more than $1 million on the total cost of a data breach on average, shortfalls in proper cyber security incident response planning have remained consistent over the past four years of the Ponemon study.
Of the organizations surveyed that do have an incident response plan in place, more than half (54%) do not test their plans regularly. That can leave them less prepared to effectively manage the complex processes and coordination that needs to take place following an attack, the report said.
The challenges cyber security teams are facing in deploying cyber security incident response plans is affecting their ability to comply with the European Union’s General Data Protection Regulation (GDPR), the study said. Nearly half of the organizations surveyed (46%) said their organization has yet to realize full compliance with GDPR. The rules took affect more than a year ago, in May 2018.
Another key finding of the report is that automation of incident response is still emerging at many organizations. For the purposes of the report, the researchers define automation as enabling security technologies that augment or replace human intervention in the identification and containment of cyber exploits or breaches. These technologies depend upon artificial intelligence (AI), machine learning, analytics, and orchestration.
Less than one-quarter of the respondents said their organization significantly uses automation technologies, such as identity management and authentication, incident response platforms, and security information and event management (SIEM) tools as part of their response process.
About three quarters (77%) said their organizations only use automation moderately, insignificantly, or not at all. Organizations with the extensive use of automation rate their ability to prevent, detect, respond, and contain a cyber attack as higher than the overall sample of respondents.
According to Ponemon Institute’s 2018 Cost of a Data Breach Study, the use of automation is a missed opportunity to bolster cyber resilience, as organizations that fully deployed security automation saved $1.5 million on the total cost of a data breach. That contrasts with organizations that did not leverage automation and realized a much higher total cost of a data breach.
The ongoing cyber security skills gap appears to be further undermining cyber resilience, the report said, as organizations reported that a lack of staffing is hindering their ability to properly manage resources and needs.
Survey respondents said they lack the skilled professionals to properly maintain and test their incident response plans and are facing 10 to 20 open seats on cyber security teams. Only 30% of the respondents reported that staffing for cyber security is sufficient to achieve a high level of cyber resilience.
Three quarters of the respondents rate their difficulty in hiring and retaining skilled cyber security personnel as moderately high to high. On top of that, many organizations are dealing with an increasingly complex security infrastructure. Nearly half of the respondents (48%) said their organization deploys too many security tools, which ultimately increases operational complexity and reduces visibility into overall security posture.
One positive development is that organizations are finally acknowledging that collaboration between privacy and cyber security teams can improve cyber resilience. About two thirds of the organizations (62%) said aligning these teams is essential to achieving resilience.
Most of the respondents think the privacy role is becoming increasingly important, especially with the emergence of new regulations such as GDPR and the California Consumer Privacy Act. As a result, they are prioritizing data protection when making IT buying decisions.
What’s the top factor when it comes to justifying cyber security spending? More than half of the respondents (56%)
said its information loss or theft. This makes sense, as consumers demand companies to do more to actively protect their data.