As the threat landscape continues to worsen, it is more important than ever for organizations to be able to withstand or recover quickly from the inevitable data breach or security incident. Ponemon Institute and IBM Security are pleased to release the findings of the fifth annual study on the importance of cyber resilience to ensure a strong security posture. In this year’s study, we look at the positive trends in organizations improving their cyber resilience but also the persistent barriers that exist to achieving cyber resiliency.
The use of cloud services supports cyber resilience. As part of this research, we identified respondents in this study who self-reported that their organizations have achieved a high level of cyber resilience and are better able to mitigate risks, vulnerabilities and attacks. We refer to these organizations as high performers.
As shown in Figure 1, 74 percent of respondents in high performing organizations vs. 58 percent of respondents in other organizations understand the importance of cyber resilience to achieving a strong cybersecurity posture. High performing organizations are also more likely to recognize the value of cloud services to achieving a high level of cyber resilience (72 percent of high performing respondents vs. 55 percent of respondents in the other organizations). According to these high performing organizations, cyber resilience is improved because of the cloud services’ distributed environment and economies of scale.
[NOTE: We define cyber resilience as the alignment of prevention, detection and response capabilities to manage, mitigate and move on from cyberattacks. This refers to an enterprise’s capacity to maintain its core purpose and integrity in the face of cyberattacks. A cyber resilient enterprise is one that can prevent, detect, contain and recover from a myriad of serious threats against data, applications and IT infrastructure.]
In this section of the report, we provide an analysis of the global consolidated key findings. Ponemon Institute surveyed more than 4,200 IT and IT security professionals in the following countries: the United States, Australia, the United Kingdom, France, Germany, the Middle East (UAE/Saudi Arabia), ASEAN, Canada, India and Japan. Most of them are involved in securing systems, evaluating vendors, managing budgets and ensuring compliance.
The complete audited findings are presented in the Appendix of the full report, published on IBM’s website. The findings there are organized into the following topics:
- Since 2015, organizations have significantly improved their cyber resilience
- The steps taken that support the improvement in cyber resilience
- More work needs to be done to become cyber resilient
- Lessons from organizations with a high degree of cyber resilience
- Country differences
Here is a sample of section 1:
Since 2015, organizations have significantly improved their cyber resilience
More organizations have achieved a high level of cyber resilience. In 2016, less than one-third of respondents said their organizations had achieved a high level of cyber resilience and in this year’s research the majority of organizations say they have achieved a high level of cyber resilience. With the exception of the ability to contain a cyber attack, significant improvements have been made in the ability to prevent and detect an attack.
Improvement in cyber resilience has increased steadily since 2016. The percentage of respondents who say their cyber resilience has significantly improved or improved has risen from 27 percent of respondents in 2016 to almost half (47 percent of respondents) in 2020.
The number of cyber attacks prevented is how organizations measure improvement in cyber resilience. Of the 47 percent of respondents who say their organizations’ cyber resilience has improved, 56 percent say improvement is measured by the ability to prevent a cyber attack.
As discussed previously, since 2015 the ability to prevent such an incident has increased significantly, from 38 percent of respondents who said their organizations have a high ability to prevent an attack to 53 percent in this year’s research. Another indicator of improvement is the time to identify the incident, according to 51 percent of respondents. Similar to prevention, the ability to detect an attack has improved since 2015.
Expertise, governance practices and visibility are the reasons for improvement. To achieve a strong cyber resilience posture, the most important factors are hiring skilled personnel (61 percent of respondents), improved information governance practices (56 percent of respondents) and visibility into applications and data assets (56 percent of respondents). These are followed by such enabling technologies as analytics, automation and use of AI and machine learning.
Least important is C-level buy-in and support for the cybersecurity function and board-level reporting on the organizations’ cyber resilience. Currently, only 45 percent of respondents say their organizations issue a formal report on the state of cyber resilience to C-level executives and/or the board.
Having skilled staff is the number one reason cyber resilience improves, and the loss of such expertise prevents organizations from achieving a high level of cyber resilience, according to 41 percent of respondents. Respondents also cite an adequate budget, the ability to overcome silo and turf issues, visibility into applications and data assets and properly configured cloud services as essential to improving their organizations’ cyber resilience.