The odds are not good. A new IBM/Ponemon Institute study claims 66 percent of organizations would not recover from a cyberattack. This ability to recover—dubbed “cyber resilience”—is defined as an organization’s ability to maintain its core purpose and integrity in the face of cyberattacks.”
Why are companies ill-equipped? Study respondents admit one of the leading reasons is the lack of a formal cyber incident response plan. (If you’re in this boat, be sure to review our suggested elements of a strong plan). Yet even those companies with a plan in place struggle with consistent application and follow through. In fact, 52 percent admit they have either not reviewed or updated the plan since its adoption, or have no plans to do so. Study participants also doubt their ability to quickly resolve a cyberattack, with 41 percent saying they believe their response times have actually increased in the past year.
Additional challenges to cyber resilience that were mentioned include “insufficient planning and preparedness” (66 percent) and “complexity of IT processes” (46 percent).
Here’s the hard truth: most of the reasons study participants gave for not being adequately prepared are within their control—having a plan, updating it with regularity and making sure everyone understands and follows it.
What isn’t in their control is the fact that cyber threats are not going to end. In its Mid-Year Review: 6 of the Biggest Cyber Threats of 2016, Heimdel Security notes that “there are no new major cyber issues, only old ones that reached a whole new level. They grew bigger, stronger, and impacted more people than we could have imagined.”
So if you’re failing to ensure your own cyber resilience for any reason, today should be the day to turn the page. There’s no time to waste—over half of the companies represented in the IBM/Ponemon study reported at least one data breach in the past two years. In addition, 74 percent said they faced threats as a result of “human error.” Overall, the top mentioned attacks were malware (74 percent) and phising (64 percent).
No, the odds aren’t good. But if you’re ready for a cyberattack, your chances of recovery vastly improve. Want to learn more? Be sure to check out MJ’s library of cybersecurity blogs, and please don’t hesitate to ask us for coverage advice or a review of your existing IT risks. We’re here to help!