Monthly Archives: April 2019

The impact of automation on cyber resilience

Larry Ponemon

The Ponemon Institute and IBM Resilient are pleased to release the findings of the fourth annual study on the importance of cyber resilience to ensure a strong security posture. For the first time, we feature the importance of automation to cyber resilience. In the context of this research, automation refers to enabling security technologies that augment or replace human intervention in the identification and containment of cyber exploits or breaches. Such technologies depend upon artificial intelligence, machine learning, analytics and orchestration.

Other topics covered in this report are:

  • The impact of the skills gap on the ability to be more cyber resilient
  • How complexity can be the enemy of cyber resilience
  • Lessons learned from organizations that have achieved a high level of cyber resilience
  • The importance of including the privacy function in cyber resilience strategies.

Cyber resilience and automation go hand in hand. When asked to rate the value of automation and cyber resilience to their security posture on a scale of 1 = low value to 10 = high value, 62 percent rate the value of cyber resilience as very high and an even higher percentage of respondents (76 percent) find automation very valuable. Moreover, according to the research, 60 percent of respondents say their organizations’ leaders recognize that investments in automation, machine learning, artificial intelligence and orchestration strengthen their cyber resilience.

How automation supports and improves cyber resilience

In this section, we compare the findings of the 23 percent of respondents who self-reported their organizations use automation extensively (high automation) vs. 77 percent of respondents who use automation moderately, insignificantly or not at all (overall sample). Following are six benefits when automation is used extensively in the organization.

  1. High automation organizations are better able to prevent security incidents and disruption to IT and business processes. Measures used to determine improvements in cyber resilience are cyberattacks prevented and a reduction in the time to identify and contain the incident. 
  1. High automation organizations rate their cyber resilience much higher than the overall sample and also rate their ability to prevent, detect, respond to and contain a cyberattack as much higher.  
  1. Automation increases the importance of having skilled cybersecurity professionals such as security analysts, forensic analysts, developers and SecDevOps. Eighty-six percent of respondents in high automation organizations are more likely to recognize the importance of having cybersecurity professionals in their cybersecurity incident response plan (CSIRP) and are not as likely to have difficulty in hiring these professionals.
  1. High automation organizations are maximizing the benefits of threat intelligence sharing and advanced technologies. In every case, respondents in organizations that are extensive users of automation are more likely to believe threat intelligence and sharing, DevOps and secure SDLC, analytics and artificial intelligence are most effective in achieving cyber resilience.
  1. Automation can reduce complexity in the IT infrastructure. High automation organizations are more likely to say their organizations have the right number of security solutions and technologies. This can be accomplished by aligning in-house expertise to tools so that investments are leveraged properly. Respondents in the overall sample are more likely to have too many security solutions and technologies.
  1. High automation organizations recognize the value of the privacy function in achieving cyber resilience. Most respondents in this research recognize that the privacy role is becoming increasingly important, especially due to the EU’s GDPR and the California Consumer Privacy Act. Moreover, high automation organizations are more likely than the overall sample to recognize the importance of aligning the privacy and cybersecurity roles in their organizations (71 percent vs. 62 percent).

Lessons learned from high performing organizations

 As part of this research, we identified certain organizations represented in this study that self-reported as having achieved a high level of cyber resilience and are better able to mitigate risks, vulnerabilities and attacks.

Of the 3,655 organizations represented in this study, 960 respondents (26 percent of the total sample) self-reported 9+ on a scale of 1 = low resilience to 10 = high resilience. Respondents from these organizations, referred to as high performers, are much more confident in the strength of their security posture compared to those who self-reported they have not achieved a high state of high cyber resilience. They are referred to as average performers. Following are seven benefits from achieving a highly effective cyber resilience security posture. 

  1. High performers are significantly more confident in their ability to prevent, detect, contain and recover from a cyberattack. Of respondents in high performing organizations, 71 percent of respondents in high performing organizations are very confident in their ability to prevent a cyberattack, whereas slightly more than half (53 percent of respondents) from the other organizations believe they have a high ability to prevent a cyberattack.  
  1. High performers are far more likely to have a CSIRP that is applied consistently across the entire enterprise, which makes this group far more likely to prevent, detect, contain and respond to a cyberattack. Only 5 percent of high performers do not have a CSIRP. In contrast, 24 percent of organizations in the overall sample do not have a CSIRP.
  1. Communication with senior leaders about the state of cyber resilience occurs more frequently in high performing organizations. More than half of respondents (51 percent) vs. 40 percent in the overall sample communicate the effectiveness of cyber resilience to the prevention, detection, containment and response of cyberattacks to the C-suite and board of directors.
  1. Senior management in high performing organizations are more likely to understand the correlation between cyber resilience and their reputation in the marketplace. Perhaps because of frequent communication with the C-suite. As a result, high performing organizations are more likely to have adequate funding and staffing to achieve cyber resilience.
  1. Senior management’s awareness about the relationship between cyber resilience and reputation seems to result in greater support for investment in automation, machine learning, AI and orchestration to achieve a higher level of cyber resilience. In fact, 82 percent of respondents in high performing organizations use automation significantly or moderately. In the overall sample of organizations, 71 percent of respondents say their organizations use automation significantly or moderately.
  1. High performers are more likely to value automation in achieving a high level of cyber resilience. When asked to rate the value of automation, 90 percent of respondents in high performing organizations say automation is highly valuable to achieving cyber resilience. However, 75 percent of respondents in the overall sample say they place a high value on automation.
  1. High performers are more likely to have streamlined their IT infrastructure and reduced complexity. More than half of respondents (53 percent) vs. only 30 percent of respondents in the overall sample say their organizations have the right number of security solutions and technologies to be cyber resilient. The average number of separate security solutions and technologies in high performing organizations is 39 vs. 45 in the overall sample.

To read the entire report, visit IBM’s website at https://www.ibm.com/account/reg/us-en/signup?formid=urx-37792