About 75% of companies don’t have adequate Cyber Security Incident Response Plans (IRPs), so how Cyber Resilient is your Company? Or Law Firm?

Of the 2,000 IT and IT security professionals surveyed by the Ponemon Institute “75% of respondents admit they do not have a formal cyber security incident response plan (CSIRP) that is applied consistently across the organization” and 51% rated cyber resilience as “very important or essential to achieving a strong security posture.”  The November 2016 Ponemon report entitled “The 2016 Cyber Resilient Organization- Executive Summary” (sponsored by Resilient an IBM company) started with this definition of Cyber Resilience:

The capacity of an enterprise to maintain its core purpose and integrity in the face of cyber attacks.

Networkworld’s November 16, 2016 report entitled “IBM: Many companies still ill-prepared for cyber attacks” highlighted these key results from the Ponemon study:

• Of those with a CSIRP in place, 52% have either not reviewed or updated the plan since it was put in place, or have no set plan for doing so.
• 41% say the time to resolve a cyber incident has increased in the past 12 months, compared to only 31% who say it has decreased.
• 74% say they faced threats due to human error in the past year
• When examining the past two years, 74% say they have been compromised by malware on a frequent basis, and 64% have been compromised by phishing on a frequent basis
• 68% don’t believe their organizations have the ability to remain resilient in the wake of a cyberattack
• 66% aren’t confident in their organization’s ability to effectively recover from an attack
• 25% have an incident response plan applied consistently across the organization. 23% have no incident response plan at all
• Only 14% test their incident response plans more than one time per year
• 66% cite a lack of planning as their organization’s biggest barrier to becoming resilient to cyberattacks
• 48% say their organization’s Cyber Resilience has either declined (4 percent) or not improved (44%) over the past 12 months
• 41% say the time to resolve a cyber incident has increased or increased significantly, while only 31% say it has decreased or decreased significantly
• In 2015, the average cybersecurity budget was $10 million. This increased to an average of $11.4 million. More funding has been allocated to cyber resilience-related activities. In 2015, 26% of the IT security budget was allocated to cyber resilience related activities. This increased to 30% in 2016.

No surprises here, but what are you doing for cyber protection?