Businesses around the world are still far behind in meeting the threat posed by cybersecurity attacks, according to the 2020 Cyber Resilient Organization Report released by IBM Security.
The report polled more than 3,400 security and IT professionals across all continents. IBM Security found 74% of respondents were “still reporting that their plans are either ad hoc, applied inconsistently, or that they have no plans at all.”
The report found 26% of the surveyed organizations have a formal enterprise-wide security response plan, compared with 18% five years ago. But only 17% of respondents had a formal security response plan for dealing with cybersecurity attacks.
Furthermore, 39% of companies with a formal plan in place experienced a disruptive security incident over the past two years, compared with 62% of those with less formal or consistent plans.
Among the companies with attack-specific playbooks, the most common defensive strategies are focused on denial-of-service attacks (64%) and malware (57%), with only 45% considering ransomware as a potential problem. But 52% of respondents with security response plans either never reviewed those plans or have no set time period for reviewing or testing whether the plans would work.
“While more organizations are taking incident response planning seriously, preparing for cyberattacks isn’t a one-and-done activity,” Wendi Whitmore, vice president of IBM X-Force Threat Intelligence, said in a statement. “Organizations must also focus on testing, practicing and reassessing their response plans regularly. Leveraging interoperable technologies and automation can also help overcome complexity challenges and speed the time it takes to contain an incident.”