76% of Aussie orgs lack an incident response plan

More than three in four (76%) Australian organisations admit to not having a formal cybersecurity incident response plan applied consistently across their organisation, new research commissioned by IBM Security has found.

But the third annual Cyber Resilient Organisation study, conducted by the Ponemon Institute and sponsored by IBM Resilient, also found that nearly half (48%) of organisations feel that their organisation is more cyber resilient today than it was 12 months ago.

This growing confidence was attributed to improvements in the areas of hiring skilled staff, improving information governance practices and enhancing visibility into applications and datasets.

The confidence may, however, be misplaced, as the study also found that 53% of respondents acknowledged that the time to resolve an incident has increased in the past 12 months and 65% reported that the severity of attacks has increased.

Despite the improvements in the hiring of skilled staff, 74% of respondents also report facing difficulty retaining and hiring qualified IT security professionals.

“Today’s local insights in this research backs the OIAC revealing that in the six weeks following changes to the Privacy Act there were 63 breaches reported,” IBM Security CTO and master inventor Chris Hockings said.

“Australian organisations need to understand that with security threats on the rise they need to accept that breaches are unavoidable and it is how you respond that counts.”

The lack of consistent incident response plans could also see Australian organisations fall afoul of the EU’s General Data Protection Regulation, which takes effect next month. The survey found that only 19% of Australian respondents rated their ability to comply with the upcoming regulation as ‘high’, which compares to a global average of 56%.

Please follow us and share on Twitter and Facebook. You can also subscribe for FREE to our weekly newsletter and quarterly magazine.