Best of 2020: 3 in 4 companies lack an adequate cyber response plan
A survey of around 3400 IT and security professionals in a number of markets including Australia found that 74% are still reporting that their security response plans are ad hoc, are applied inconsistently, or that they have no plans at all.
While this is an improvement from the 18% of respondents with a security response plan in 2015, even among the 26% with a formal, enterprise-wide security response plan, only a third (17% of total respondents) had also developed specific playbooks for common attack types.
Respondents were even less likely to report having specific plans tailored to relatively new attack types such as ransomware attacks, but were more likely to have plans in place for DDoS and generic malware attacks.
Additionally, more than half of those with security response plans said they have never reviewed or that they have no set time period for conducting such reviews, suggesting that many plans could be outdated.
The research also found that companies with formal plans in place were less likely to experience significant disruption as the result of a cyber attack. Only 39% of these companies experienced a disruptive security incident in the past two years, compared with 62% of those with less formal or consistent plans.
Companies that have incident response teams and extensively test their incident response plans were meanwhile found to spend an average of US$1.2 million ($830,000) less on data breaches than companies lacking these mitigation tools.
Conversely, the results suggest that it’s possible to be overprepared, with complexity negatively impacting incident response capabilities.
The report found that companies using more than 50 security tools ranked themselves 8% lower in their ability to detect an attack and 7% lower when it comes to responding an attack than companies with closer to the average of 45 tools.
“While more organisations are taking incident response planning seriously, preparing for cyber attacks isn’t a one-and-done activity,” IBM E-Force Threat Intelligence VP Wendi Whitmore said.
“Organisations must also focus on testing, practising and reassessing their response plans regularly. Leveraging interoperable technologies and automation can also help overcome complexity challenges and speed the time it takes to contain an incident.”
This article was first published on 7 July 2020
Information Technology Professionals Association (ITPA) is a not-for-profit organisation focused on continual professional development for its 18,700 members. To learn more about becoming an ITPA member, and the range of training opportunities, mentoring programs, events and online forums available, go to www.itpa.org.au.
The IT industry should be more vocal about the dangers of using old software and hardware in an...
COVID-19 has accelerated the adoption of many technologies — some positive, some negative...
ITPA is closely monitoring developments with the Security of Critical Infrastructure Act and...