77% of Organizations Lack a Cybersecurity Incident Response Plan

How prepared are organizations when it comes to withstanding and recovering from a cyberattack? The fourth annual benchmark study on Cyber Resilience by IBM Security and the Ponemon Institute showed that 77 percent of them are still do not have a cybersecurity incident response plan applied consistently across the enterprise.

Of the organizations surveyed that do have a plan in place, more than half (54%) do not test their plans regularly, which can leave them less prepared to effectively manage the complex processes and coordination that must take place in the wake of an attack.

The difficulty cybersecurity teams are facing in implementing a cyber security incident response plan has also impacted businesses’ compliance with the General Data Protection Regulation (GDPR). Nearly half of respondents (46%) say their organization has yet to realize full compliance with GDPR, even as the one-year anniversary of the legislation quickly approaches.

While studies show that companies who can respond quickly and efficiently to contain a cyberattack within 30 days save over $1 million on the total cost of a data breach on average, shortfalls in proper cybersecurity incident response planning have remained consistent over the past four years of the study.

Read more: Help Net Security